
All times are UTC




 Post subject: Announcing CMS Made Simple 1.11.13 - Security Release
Posted: Fri Feb 20, 2015 3:58 pm
Dev Team Member

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 7966
Location: Fernie British Columbia, Canada
*** This is an Important Security Release ***

Announcing CMSMS 1.11.13 - Baquerizo Moreno

Although we had not planned on releasing a new version of CMSMS for a while yet, a few security vulnerabilities (some that were reported to us, others that we found ourselves) have forced our hand.

The issues we found were related to reliable ways to generate a full path disclosure, and to XSS vulnerabilities, and potential flooding and denial of service attacks in the News fesubmit feature. Additionally, though minor, we fixed an XSS vulnerability in the add and edit bookmark functionality in the admin interface. These vulnerabilities apply to all versions of CMSMS.

The News fesubmit feature that allows site visitors to submit News articles was particularly vulnerable. Although we do not think that this feature is used much, it is available, and all CMSMS sites that use the News module, or have it enabled, are vulnerable to attack.

The new version of News now has an option to enable the fesubmit feature, which is OFF by default. This means that upon upgrade, the sites that do use the fesubmit feature of News must explicitly enable it in the module settings.

Because of the important nature of these security issues, we recommend that everybody upgrade all of their websites to CMSMS 1.11.13 as soon as possible. As per our support policy, the only supported versions of CMSMS as of this release are 1.11.13 and 1.11.12.

Thank you for your time, have fun with CMSMS, and see you at the geekmoot in Ghent! Read more on http://www.geekmoot.com


