• twitter image
  • facebook image
  • youtube image
  • linkedin image
Language: CMS Made Simple Czech CMS Made Simple France CMS Made Simple Spain CMS Made Simple Hungary CMS Made Simple Russia CMS Made Simple Netherlands

All times are UTC




Post new topic Reply to topic  [ 43 posts ]  Go to page 1, 2, 3  Next
Author Message
 Post subject: Announcing CMSMS 1.9.4.3 - Important Security Release
PostPosted: Sat Aug 27, 2011 5:18 pm 
Offline
Power Poster
Power Poster
User avatar

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 8172
Location: Fernie British Columbia, Canada
Today we have released CMSMS 1.9.4.3, a minor release that fixes a single security issue in the news module. Essentially, a malicious person could via accessing a sincle URL corrupt your news articles.

This issue has been around for a long time, and only recently came to light. We recommend that everybody upgrade their CMSMS installs as soon as possible.

There is no database schema change in this version, therefore we have provided 'patch' versions to make this easier for those that are running a recent version of CMSMS. You should be able to download the appropriate 'diff' package, and upload it directly to your site(s).

Thank you for your time and consideration.

We would like to thank the people that reported this issue in a professional and mature manner.

_________________
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMSMS 1.9.4.3 - Important Security Release
PostPosted: Sat Aug 27, 2011 8:35 pm 
Offline
Power Poster
Power Poster
User avatar

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 8172
Location: Fernie British Columbia, Canada
Yeah the forge is down... please stand by.

_________________
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMSMS 1.9.4.3 - Important Security Release
PostPosted: Sat Aug 27, 2011 9:42 pm 
Offline
Power Poster
Power Poster
User avatar

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 8172
Location: Fernie British Columbia, Canada
it's back... thanks for your patience.

_________________
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMSMS 1.9.4.3 - Important Security Release
PostPosted: Mon Aug 29, 2011 10:38 am 
Offline
Forum Members
Forum Members

Joined: Thu Mar 23, 2006 11:06 am
Posts: 18
I got the cmsmsmadesimple-english-diff1.9.4.2-1.9.4.3 and tested on my local install. The tiny MCE updates change the text on the drop-downs to “advanced.style”, “advanced.paragraph” etc. instead of "Styles", "Format" etc. I re-copied modules/TinyMCE from the 1.9.4.2 release but this didn't fix the problem.
Are the TinyMCE files required for the security upgrade ?

Steve


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMSMS 1.9.4.3 - Important Security Release
PostPosted: Mon Aug 29, 2011 11:33 am 
Offline
Power Poster
Power Poster

Joined: Fri Sep 12, 2008 2:34 pm
Posts: 751
Location: Schweiz / Switzerland
Please update tinymce to 2.9.1 in this release. when i don't use the diff, there are problems when i overwrite 2.9.1 with this release.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMSMS 1.9.4.3 - Important Security Release
PostPosted: Mon Aug 29, 2011 1:36 pm 
Offline
Power Poster
Power Poster
User avatar

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 8172
Location: Fernie British Columbia, Canada
Thank you for your deteiled message. Were you running a stock version of CMSMS 1.9.4.2 ? or had you customized TinyMCE.


tractorboy \tractorboy:
I got the cmsmsmadesimple-english-diff1.9.4.2-1.9.4.3 and tested on my local install. The tiny MCE updates change the text on the drop-downs to “advanced.style”, “advanced.paragraph” etc. instead of "Styles", "Format" etc. I re-copied modules/TinyMCE from the 1.9.4.2 release but this didn't fix the problem.
Are the TinyMCE files required for the security upgrade ?

Steve

_________________
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMSMS 1.9.4.3 - Important Security Release
PostPosted: Mon Aug 29, 2011 2:51 pm 
Offline
Forum Members
Forum Members

Joined: Tue Jun 06, 2006 1:10 pm
Posts: 115
Location: TX
Same for me. And I have a stock install. All tab text has changed to a smarty tags. Add image also.
$1


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMSMS 1.9.4.3 - Important Security Release
PostPosted: Mon Aug 29, 2011 6:26 pm 
Offline
Forum Members
Forum Members

Joined: Sat Aug 06, 2011 3:17 pm
Posts: 25
I am in the same situation as dmgd and tractorboy...

Upgraded from tinymce 2.8.4 to 2.9.1 (overwriting old folder with new) followed by upgrade of CMSMS from 1.9.4.2 to 1.9.4.3 by unzipping the diff file.

As well as smarty/dropdown problems, other things i noticed re style dropdown: when you make a selection the correct class is applied to the tag in the content, but tiny is no longer seeing the content stylesheet. (Style attributes specified for tinymce's own body tag still work).


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMSMS 1.9.4.3 - Important Security Release
PostPosted: Tue Aug 30, 2011 12:06 pm 
Offline
Forum Members
Forum Members

Joined: Tue Mar 25, 2008 11:34 pm
Posts: 105
I was going to upgrade a number of sites using this release but I'm now nervous and hanging fire. Please advise.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMSMS 1.9.4.3 - Important Security Release
PostPosted: Tue Aug 30, 2011 1:53 pm 
Offline
New Member
New Member

Joined: Tue Aug 30, 2011 1:50 pm
Posts: 2
It is because all TinyMCE files seem to be 0 bytes in the diff package


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMSMS 1.9.4.3 - Important Security Release
PostPosted: Wed Aug 31, 2011 6:56 am 
Offline
Forum Members
Forum Members

Joined: Tue Feb 05, 2008 8:47 pm
Posts: 64
Location: Zeist, The Netherlands
jospanner \jospanner:
I was going to upgrade a number of sites using this release but I'm now nervous and hanging fire. Please advise.



upgraded several sites using the full diff file. One one of them I received this error for a short while after the upgrade:
Attempt to use ADODB from outside of CMS"
After clearing cache and buffers the error was gone. No clue what has caused the temporary error message.

Upgrade of TimyMCE was more of a problem. Download from the modulemanager isn't working in none of my CMS sites. Either a bad checksum after download, of the download isn't available. Manual download from Sourceforge and upload to the modules folder is neccesary.

Hope this helps to make you less nervous.

greetings

Marc


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMSMS 1.9.4.3 - Important Security Release
PostPosted: Wed Aug 31, 2011 8:29 am 
Offline
Forum Members
Forum Members

Joined: Tue Mar 25, 2008 11:34 pm
Posts: 105
I tried uploading via XML but have the issue that the filepicker is not visible once I run the latest version of TINYMCE. It seems to be the 2.9.1 version doesn't work with 1.9.4.3? I agree the Module Manager doesn't work.

It has German text in the Module Manager too.

So I have upgraded using the full files to 1.9.4.3 but left the TINYMCE as version 2.8.4.

Any way around it to be able to upgrade to the latest TINYMCE would be good.

Thanks all.

PS - Just spotted this is an issue already reported http://dev.cmsmadesimple.org/bug/view/6666

When will it be fixed?


Last edited by jospanner on Wed Aug 31, 2011 8:50 am, edited 1 time in total.

Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMSMS 1.9.4.3 - Important Security Release
PostPosted: Wed Aug 31, 2011 8:50 am 
Offline
Forum Members
Forum Members

Joined: Thu Mar 23, 2006 11:06 am
Posts: 18
It's the stock version of TinyMCE. The Modules sceen gives the version as 2.8.4

calguy1000 \calguy1000:
Thank you for your deteiled message. Were you running a stock version of CMSMS 1.9.4.2 ? or had you customized TinyMCE.


tractorboy \tractorboy:
I got the cmsmsmadesimple-english-diff1.9.4.2-1.9.4.3 and tested on my local install. The tiny MCE updates change the text on the drop-downs to “advanced.style”, “advanced.paragraph” etc. instead of "Styles", "Format" etc. I re-copied modules/TinyMCE from the 1.9.4.2 release but this didn't fix the problem.
Are the TinyMCE files required for the security upgrade ?

Steve


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMSMS 1.9.4.3 - Important Security Release
PostPosted: Wed Aug 31, 2011 9:09 am 
Offline
Forum Members
Forum Members

Joined: Tue Mar 25, 2008 11:34 pm
Posts: 105
I have the same issue. Was running 2.8.4. If I upgrade to 2.9.1 (Module Manager doesn't work) have to do it via XML then TINYMCE has issues. Doesn't show filepicker when trying to add an image for example.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
 Post subject: Re: Announcing CMSMS 1.9.4.3 - Important Security Release
PostPosted: Fri Sep 02, 2011 11:56 am 
Offline
Power Poster
Power Poster

Joined: Wed Jul 04, 2007 3:39 pm
Posts: 315
The diff files are screwed. Only upload these files:

doc/CHANGELOG.txt

modules/news/action.editarticle.php
modules/news/changelog.inc
modules/news/News.module.php

version.php


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 43 posts ]  Go to page 1, 2, 3  Next

All times are UTC


Who is online

Users browsing this forum: No registered users


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Hosting Nation - Managed CMSMS Hosting