• twitter image
  • facebook image
  • youtube image
  • linkedin image
Language: CMS Made Simple Czech CMS Made Simple France CMS Made Simple Spain CMS Made Simple Hungary CMS Made Simple Russia CMS Made Simple Netherlands

All times are UTC

Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: Announcing CMS Made Simple 1.12 - Pohnpei
PostPosted: Sun Apr 12, 2015 6:16 pm 
Power Poster
Power Poster
User avatar

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 8169
Location: Fernie British Columbia, Canada
Hello Everyone.

Today we are announcing the latest in the stream of releases for CMSMS 1.x. Version 1.12 - Pohnpei. This release can be called a 'security and stability' release where we primarily made changes related to security, but also attempted to resolve or improve a number of outstanding issues.

The biggest changes in this release are related to security. First, we now require, and enforce that register_globals (a PHP setting that has long been considered insecure, and is removed from newer versions of PHP, see: http://php.net/manual/en/security.globals.php) be completely disabled in your CMSMS install. Secondly, we have removed the {eval} statements from the factory default News summary and detail templates. This will prevent content submitted by un-verified users from doing nasty things with smarty. And thirdly (though not last) we made some changes in our smarty config to improve security.

Along with the security fixes we have improved the homepage functionality in the CMSMS admin console, fixed some lingering minor issues, and generally improved the stability of your favourite content management system.

Because this is a security release, we do encourage everybody to upgrade their CMSMS websites as soon as possible. As of now, per our support policy the only two officially supported versions of CMSMS are 1.11.13 and 1.12.

For all users using the "fesubmit" action of the News module: We highly encourage you to remove the {eval} statements from your News summary and detail templates. i.e: if the current template contains something like: {eval var=$entry->content} merely replace it with {$entry->content}.

From this point forward we will be de-emphasizing development on the 1.x series of CMSMS, and focussing on development of the soon to be released CMSMS 2.0. CMSMS 1.x development will be restricted to fixing important security issues and absolutely critical stability issues. As we have previously stated, We will continue to support the 1.x series of CMSMS for one year (365 days) after the release of CMSMS 2.0.

Have fun, and enjoy your favourite web content management system.

The CMSMS Dev team.

Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.

Share On:
Share on Facebook Share on Twitter Share on Google+
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC

Who is online

Users browsing this forum: No registered users

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
A2 Hosting