
All times are UTC




 Post subject: Announcing CMSMS 1.11.6 - Merchena
Posted: Fri Apr 19, 2013 3:26 pm
Dev Team Member

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 8167
Location: Fernie British Columbia, Canada
Today we are announcing an important security release of CMSMS. Thanks to a few users who informed us of the issues, we accelerated plans for our release and threw in a few important bug fixes too.

The following issues were addressed in this release:
- XSS Vulnerabilities in the core, and in the installer.
- Fixes problem with page template parsing wrt the and HTML tags.
- Fixes a problem with some modules not listening to the stuff... order of execution problem.
- Fixes some problems with the Simplex demo theme and touch screen interfaces.
** Note, the Simplex theme is not intended to have full functionality on lower resolution devices like phones. It is intended for tablets etc.

EDIT: For your information the sample .htaccess file shipped with CMSMS has been modified to include fixes for other potential points of attack. It may be useful to look at this file and merge the changes into your .htaccess.

Because of the nature of the vulnerabilities, we request people to upgrade their websites as soon as possible.

As of this release the only supported versions of CMSMS are 1.11.5 and 1.11.6.

_________________
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.


 Post subject: Re: Announcing CMSMS 1.11.6 - Merchena
Posted: Mon Apr 22, 2013 11:24 am
Dev Team Member

Joined: Wed Apr 23, 2008 7:53 am
Posts: 7710
Location: The Netherlands
Some webhosts don't allow the new line in the default .htaccess file and you get an error 500 at the site. In that case change:
Code:
php_value session.cookie_httponly true
to
Code:
#php_value session.cookie_httponly true

In next releases this line will be optional.

_________________

Did my post help you solving a problem at your (customers) website and it saved you many hours of work? Great!! Consider buying me a cup of coffee in return!
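
An added example, not part of the posts above and not the .htaccess shipped with CMSMS: one common reason for the 500 error is that Apache only accepts `php_value` when PHP is loaded as an Apache module, so hosts running PHP as CGI/FastCGI reject the line. Guarding the directive keeps HttpOnly where it can be applied instead of commenting it out; the module name `mod_php5.c` and the `.user.ini` fallback are assumptions about the host (PHP 5 under mod_php, or PHP 5.3+ under CGI/FastCGI).

```apache
# Constructed example, not the file shipped with CMSMS.

# Unguarded form from the thread: if mod_php is not loaded, Apache does not
# recognise php_value and answers every request with a 500 error.
#php_value session.cookie_httponly true

# Guarded form: the directive is applied only when mod_php is present and is
# silently skipped otherwise, so the site keeps working on either kind of host.
# mod_php5.c is the module identifier for PHP 5 (assumed here); PHP 7 registers
# as mod_php7.c and PHP 8 as mod_php.c.
<IfModule mod_php5.c>
    php_value session.cookie_httponly true
</IfModule>

# On a CGI/FastCGI host the block above is skipped, which means the session
# cookie is sent WITHOUT HttpOnly unless it is set somewhere PHP itself reads.
# A per-directory .user.ini in the site root (PHP 5.3+) with this one line
# restores the flag:
#   session.cookie_httponly = 1
```

After either change, inspect the `Set-Cookie` response header for the session cookie and confirm it carries the `HttpOnly` attribute; simply commenting the line out leaves the cookie readable by page scripts.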


