Announcing CMSMS 1.11.6 - Merchena

Project Announcements. This is read-only, as in... not for problems/bugs/feature request.
calguy1000
Support Guru
Posts: 8169
Joined: Tue Oct 19, 2004 6:44 pm
Location: Fernie British Columbia, Canada

Announcing CMSMS 1.11.6 - Merchena

Post by calguy1000 »

Today we are announcing an important security release of CMSMS. Thanks to a few users who informed us of the issues, we accelerated plans for our release and threw in a few important bug fixes too.

The following issues were addressed in this release:
- XSS Vulnerabilities in the core, and in the installer.
- Fixes problem with page template parsing wrt the and HTML tags.
- Fixes a problem with some modules not listening to the stuff... order of execution problem.
- Fixes some problems with the Simplex demo theme and touch screen interfaces.
** Note, the Simplex theme is not intended to have full functionality on lower resolution devices like phones. It is intended for tablets etc.

EDIT: For your information, the sample .htaccess file shipped with CMSMS has been modified to include fixes for other potential points of attack. It may be useful to look at this file and merge the changes into your .htaccess.

Because of the nature of the vulnerabilities, we request people to upgrade their websites as soon as possible.

As of this release the only supported versions of CMSMS are 1.11.5 and 1.11.6.
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Rolf
Dev Team Member
Posts: 7825
Joined: Wed Apr 23, 2008 7:53 am
Location: The Netherlands

Re: Announcing CMSMS 1.11.6 - Merchena

Post by Rolf »

Some webhosts don't allow the new line in the default .htaccess file and you get an error 500 at the site. In that case change:

php_value session.cookie_httponly true
to

#php_value session.cookie_httponly true
In next releases this line will be optional.
- + - + - + - + - + - + -
LATEST TUTORIAL AT CMS CAN BE SIMPLE:
Migrating Company Directory module to LISE
- + - + - + - + - + - + -