Announcing CMS Made Simple 1.12 - Pohnpei

Project Announcements. This is read-only, as in... not for problems/bugs/feature request.
Post Reply
calguy1000
Support Guru
Support Guru
Posts: 8169
Joined: Tue Oct 19, 2004 6:44 pm
Location: Fernie British Columbia, Canada

Announcing CMS Made Simple 1.12 - Pohnpei

Post by calguy1000 »

Hello Everyone.

Today we are announcing the latest in the stream of releases for CMSMS 1.x. Version 1.12 - Pohnpei. This release can be called a 'security and stability' release where we primarily made changes related to security, but also attempted to resolve or improve a number of outstanding issues.

The biggest changes in this release are related to security. First, we now require, and enforce that register_globals (a PHP setting that has long been considered insecure, and is removed from newer versions of PHP, see: http://php.net/manual/en/security.globals.php) be completely disabled in your CMSMS install. Secondly, we have removed the {eval} statements from the factory default News summary and detail templates. This will prevent content submitted by un-verified users from doing nasty things with smarty. And thirdly (though not last) we made some changes in our smarty config to improve security.

Along with the security fixes we have improved the homepage functionality in the CMSMS admin console, fixed some lingering minor issues, and generally improved the stability of your favourite content management system.

Because this is a security release, we do encourage everybody to upgrade their CMSMS websites as soon as possible. As of now, per our support policy the only two officially supported versions of CMSMS are 1.11.13 and 1.12.

For all users using the "fesubmit" action of the News module: We highly encourage you to remove the {eval} statements from your News summary and detail templates. i.e: if the current template contains something like: {eval var=$entry->content} merely replace it with {$entry->content}.

From this point forward we will be de-emphasizing development on the 1.x series of CMSMS, and focussing on development of the soon to be released CMSMS 2.0. CMSMS 1.x development will be restricted to fixing important security issues and absolutely critical stability issues. As we have previously stated, We will continue to support the 1.x series of CMSMS for one year (365 days) after the release of CMSMS 2.0.

Have fun, and enjoy your favourite web content management system.

The CMSMS Dev team.
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Post Reply

Return to “Announcements”