Page 1 of 1

Coming soon: CMSMS 1.11.7

Posted: Tue May 21, 2013 6:45 pm
by calguy1000
Over the weekend we received a report of a few important security vulnerabilities in CMSMS 1.11.6 (and all previous versions). We have reproduced them, and applied fixes to the CMSMS core. Therefore, as we like to be proactive with security issues in the core, there will be a 1.11.7 release coming soon.

Though the changes we made were relatively simple, We are going to do some testing to try to ensure that we haven't broken any core functionality with these changes before we release.

We would like to thank the people at "LEAKFREE IT Security" for reporting these issues to us.

In addition, there has been a change to CMSMS with respect to handling of time zone issues. We have spent a considerable amount of time researching and experimenting and have found a solution to allow you to enter date and time values (for example for News articles) in a timezone that is not necessarily that of the server.

The new config option 'set_db_timezone' which will be OFF by default for 1.11.x will allow you to specify the timezone that should be used for entering and displaying dates and times. i.e: if your server is in California USA, but you are building a website for a club in the netherlands, you could set your 'timezone' to a 'Netherlands/Amsterdam' (I think that's the correct one). and enable 'set_db_timezone' in the config.php. This would allow you to enter dates and times for News articles or Calendar events relative to Amsterdam and have their display work properly.

We hope to have this release out some time this week, but are waiting on some testing by other members of the dev team, and to get the necessary amount of 'thumbs up' before we release.

Stay tuned, and thanks you for your time.