
All times are UTC




 Post subject: Announcing CMSMS 2.2.1 - Hearts Desire
Posted: Fri Jun 16, 2017 3:52 pm
Dev Team Member

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 7791
Location: Fernie British Columbia, Canada
CRITICAL SECURITY RELEASE

Hello people.

Today we announce the release of CMS Made Simple version 2.2.1 "Hearts Desire". Not only does this release fix a few important issues detected with the 2.2 release, but it addresses a CRITICAL security issue that was detected for all 2.x releases. We request that you upgrade your CMSMS installations as soon as possible.

Specifically:

1. Fixed an issue where a compiled string template could be provided to many modules that directly execute PHP code without going through the Smarty security policy.
2. debug_to_log() is no longer a permitted PHP function to call within templates.
3. Fixed an issue where MicroTiny failed to initialize.
4. Fixed an issue in the database abstraction library when using nested transactions.
5. Fixed an issue with the Smarty plugin loading mechanism for plugins that use the smarty_cms_function_foo naming standard.
6. After an upgrade, ensure that the config.php has read-only permissions
7. On upgrade, move all remaining plugins (should only be third party plugins) from /plugins to /assets/plugins

Again, we consider the security vulnerabilities to be CRITICAL and request that you upgrade your sites as soon as possible.

Many thanks to Daniel Le Gall from SCRT SA, Switzerland for reporting this vulnerability. His skills and professionalism certainly assisted in our understanding, reproducing and resolving the vulnerability quickly and easily.

We apologize for the inconvenience and thank you for your cooperation.


