version 2.3.7

• !!! regression fix all styles were stripped from rich text upon save due to recent security fix
• !!! regression fix an admin was able to possibly edit a super-admin user profile
• !!! security fix elFinder would allow an authenticated user to upload an xss script then execute it CVE-ID #2015-8684
  • regression fix enhanced password hash strength would break all future logins due to stored hash field not being long enough (since v2.3.5)
    -- only occurred when upgrading from a version prior to v2.3.5 and only when increasing password crypto depth above 0
  • regression fix ajax paging would add 'time' parameter twice to calendar urls
  • regression fix ajax paging would add google analytics params to the urls

And from v2.3.6...

• !!! adds additional security checking for XSS vulnerabilities - CVE-2015-8667
  • !!! adds support for PHP v7.x
    • compatible with PHP v5.3.x, 5.4.x, 5.5.x, 5.6.x, and 7.0.x
  • !!! regression fix ALL reCaptcha responses always fail since v2.3.3
  • adds new 'loading' animation (font icon) for boostrap/bootstrap3
  • cleans up some bootstrap3 views, returns option of displaying extra-small buttons in sample theme
  • adds new setting to bootstrap/bootstrap3 themes to limit menu item depth in navbars
  • adds new setting to bootstrap3 theme to center main navbar (in addition to left & right alignment)
  • adds new optional paypalExpress 'in-context' checkout experience
  • adds two optional elFinder themes, also cleans up default theme
  • better EAAS error and event record support (events now sent by date instead of by entry sequence)
  • much better (optional) ajax paging support
  • much better job of returning to previous pages
  • adds new optional upgrade script to quickly clean up files database (adds new files, removes missing files)
  • includes all fixes from v2.3.5 patches (#1 & #2)