Announcing CMSMS 2.2.7 - Skookumchuck

Project Announcements. This is read-only, as in... not for problems/bugs/feature request.
Post Reply
calguy1000
Support Guru
Support Guru
Posts: 8169
Joined: Tue Oct 19, 2004 6:44 pm
Location: Fernie British Columbia, Canada

Announcing CMSMS 2.2.7 - Skookumchuck

Post by calguy1000 »

Today we announce the release of CMS Made Simple v2.2.7 - Skookumchuck. This is a security release and we recommend that everybody upgrade their websites at their earliest convenience.

The primary focus of this release was to fix potential vulnerabilities in the admin login functionality. Including: Fixing an object insertion bug if the login cookie was ever compromised, and fixing an issue where it was potentially possible to forge the cookie by reverse engineering the password salt. Additionally, we have refactored the functionality for resetting forgotten admin passwords and changed the name of the CSRF token that is used on all admin requests.

Secondarily, we modified the FileManager and FilePicker modules to disallow uploading any files that end with a . (dot). This is a minor security enhancement, particularly for windows based hosts.

As normal, the volunteer dev team is only asked to support technical issues with the last two public releases of CMSMS. As of now those are versions 2.2.6 and 2.2.7.

Note: as of version 2.2.7, the minimum PHP version requirement is 5.6. We recommend 7.1 for improved performance.

Thank you, and have fun with CMSMS.
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Post Reply

Return to “Announcements”