• twitter image
  • facebook image
  • youtube image
  • linkedin image
Language: CMS Made Simple Czech CMS Made Simple France CMS Made Simple Spain CMS Made Simple Hungary CMS Made Simple Russia CMS Made Simple Netherlands

All times are UTC




Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: Announcing CMSMS 1.12.2 - kolonia
PostPosted: Mon Mar 28, 2016 4:07 pm 
Offline
Dev Team Member
Dev Team Member
User avatar

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 7789
Location: Fernie British Columbia, Canada
Hello Everybody.

Today we are announcing CMS Made Simple 1.12.2, a release primarily addressing a security concern.

This release addresses a concern about how the HTTP_HOST header can potentially be spoofed in some circumstances resulting in various problems including the fact that all links from your site could be altered to point to another domain.

We have modified the code such that this is no longer easily possible. This change will not be of a concern for most installations, but on some sites where the same installation of CMS Made Simple can be accessed by requesting different domains some modifications may be required.

In CMSMS 1.12.2 we introduced a new config variable entitled 'host_whitelist' which provides an absolute list of which hosts your installation will support. Developers using installations that support some kind of multi-site configuration will need to review the documentation for this config variable in the doc/config_reference.pdf file distributed with CMSMS 1.12.2 and adjust their config.php file accordingly.

Additionally, there are a few very minor fixes included with 1.12.2, including some fixes to the cms_url class.

This release encapsulates the CMSMailer 5.2.14 security vulnerability that was previously addressed as a new CMSMailer module version.

As previously announced, we will continue to support the 1.12.x series for critical bugs and security fixes until 365 days after the release of CMSMS 2.0, which occurs in September 2016.

Thank you for your time, and we encourage you to upgrade your CMSMS installations as soon as possible. You can download 1.12.2 from the CMSMS forge at: http://dev.cmsmadesimple.org/project/files/6

Many thanks to Mickaël WALTER at i-tracing.com for finding this issue and kindly reporting it to us.

_________________
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.


Top
  Profile  
 
Share On:
Share on Facebook Share on Twitter Share on Google+
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC


Who is online

Users browsing this forum: No registered users


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
A2 Hosting