Elgg 1.7.7 has been released with important bugfixes, one of which addresses a low-risk email address exposure bug. Thanks to Manacim Medriano the report!

Bugfixes include:

• Only admins can view the unvalidated users page.
• Fixed deprecation notices for locales that use comma as radix point.
• Groups - Files can be completely disabled per group.
• Pages - Deleting and creating subpages is restricted to owner or group member.
• Groups - group icons deleted when group is deleted.
• Pagination will not display when all content id displayed.
• Fixed issue with get_context() when trailing slash is missing.

There were also two API enhancements that developers may be interested in:

• Added $CONFIG->action_token_timeout.
• Added callback option to elgg_get_entities().

Please update now to ensure you and your users are getting the most from your Elgg sites!