
All times are UTC




 Post subject: Announcing CMSMS 2.2.2 - Hearts Content
Posted: Sat Jul 08, 2017 2:36 pm
Dev Team Member

Joined: Tue Oct 19, 2004 6:44 pm
Posts: 7936
Location: Fernie British Columbia, Canada
Hello everybody,

Continuing with our commitment to quality code, we are announcing the release of 2.2.2 "Hearts Content", a security and stability release.

This release fixes or blocks a couple of very important security issues, addresses a number of bugs that existed in the system, and generally improves stability and usability.

Some important things to note are:

1. The security issues addressed affect all previous versions of CMS Made Simple, not just the 2.x series.

2. Due to the security fixes, Smarty resource specifications with paths or wildcard characters will no longer work. This will affect a few third party modules--notably JMFilePicker. The maintainers of affected modules should be able to address this issue without too much difficulty. Additionally, any and all occurrences of {php} tags that may have been able to function in old versions of CMSMS should now fail.

3. We have once again changed the template processing order, specifically related to mact preprocessing. Now, mact-preprocessing occurs AFTER the top portion of the template, but before the body portion. This specifically addresses issues with multi-lang sites. As of now, the template processing order is:
  1. The top portion of the page template.
  2. mact-preprocessing (if enabled) caches a module action intended for the {content} block.
  3. The body portion of the page template.
  4. The head portion of the page template.

4. Fixes to cms_selflink, to content pages and to various API functions such that entirely numeric page aliases are invalid. This is to prevent them from being confused with numeric page ids.
When adding or editing a page, if the resulting page alias is entirely numeric (i.e. 12345 or 123-123) then a non-numeric character ('p') will be prepended to the alias. Aliases such as 123-foo are not entirely numeric and therefore are valid.

5. Upgraded MicroTiny to use TinyMce 4.6.x and added the tabfocus and hr plugins.

As usual, a complete list of the items fixed and changed is available in the changelog that is displayed during the upgrade process and included with the release.

Because this is a security release as well as a stability release we encourage everybody to upgrade their websites as soon as possible.

Again we would like to thank Daniel Le Gall from SCRT SA, Switzerland for identifying these vulnerabilities, reporting them to us in a professional manner, and working with us to ensure that they were resolved.

The CMSMS Dev Team now only officially supports CMSMS 2.2.2 and CMSMS 2.2.1. Therefore, it is to your advantage to upgrade as soon as possible.

Thank you, and have fun with CMSMS.

_________________
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
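
A pre-upgrade check for item 2 of the announcement above, added here as an example; it is not code from the CMSMS project. It flags `{php}` tags and resource specifications containing a path or wildcard, assuming that a resource specification is the `file=` attribute of `{include}`/`{extends}`, that "path" means `/` or `\`, and that "wildcard" means `*`; the template names and contents are constructed samples.

```python
import re

# Assumptions (not from the announcement): a resource specification is the
# file= attribute of {include}/{extends}; "path" means / or \, "wildcard" means *.
TAG_RE = re.compile(r"\{(?:include|extends)\b[^}]*?\bfile\s*=\s*(['\"])(.*?)\1", re.I)
PHP_RE = re.compile(r"\{php\b", re.I)

# Constructed sample templates, keyed by a made-up template name.
SAMPLES = {
    "page_main": "{include file='cms_template:header'}\n{php}echo date('Y');{/php}\n",
    "gallery": "{include file='file:lib/parts/nav.tpl'}\n"
               "{include file=\"cms_template:widget_*\"}\n"
               "{include file='cms_template:footer'}\n",
}

def audit_template(name, text):
    """Return (template, line_no, reason, detail) tuples for one template."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if PHP_RE.search(line):
            findings.append((name, line_no, "php-tag", line.strip()))
        for match in TAG_RE.finditer(line):
            spec = match.group(2)
            # Ignore the resource type prefix and inspect only the name part.
            target = spec.split(":", 1)[1] if ":" in spec else spec
            if "/" in target or "\\" in target:
                findings.append((name, line_no, "path-in-resource", spec))
            elif "*" in target:
                findings.append((name, line_no, "wildcard-in-resource", spec))
    return findings

def audit_all(templates):
    """Audit every template in a {name: text} mapping, in name order."""
    out = []
    for name in sorted(templates):
        out.extend(audit_template(name, templates[name]))
    return out

if __name__ == "__main__":
    for finding in audit_all(SAMPLES):
        print("%s:%d %s %s" % finding)
```
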


 Post subject: Re: Announcing CMSMS 2.2.2 - Hearts Content
Posted: Sat Jul 08, 2017 10:31 pm
Dev Team Member

Joined: Wed Feb 25, 2009 4:25 am
Posts: 313
Location: Victoria, BC
Note: if you're using the legacy functionality "use https for this page" and don't have https forced in your htaccess, you will get a redirect error.

Although this is technically a bug in 2.2.x, we decided a while ago to drop mixed content support, as it's no longer needed with free/cheap SSL. It was useful a few years ago with shared certificates on shared hosting.

So, it is fixed in svn for the next minor release, but will be dropped in 2.3.

Here's what I put in my htaccess, and there are plenty of tips on Google for other methods:
Code:
#force non-www and https
RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?(.+)
RewriteRule ^ https://%2%{REQUEST_URI} [R=301,L]

_________________
Not getting the answer you need? CMSMS support options
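
A small model of the htaccess rules in the post above, added here as an example and not written by the poster. It shows how mod_rewrite groups the `[OR]` pair before ANDing the last condition, that `%2` comes from the last `RewriteCond`, and that every request settles after at most one redirect; the function names and the `example.com` URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def redirect_target(host, https_on, uri):
    """Return the 301 Location the rules would send, or None for no redirect."""
    # RewriteCond %{HTTP_HOST} ^(www\.)(.+) [OR]  /  RewriteCond %{HTTPS} off
    has_www = re.search(r"^(www\.)(.+)", host) is not None
    # RewriteCond %{HTTP_HOST} ^(www\.)?(.+)  -> last condition, supplies %2
    last = re.search(r"^(www\.)?(.+)", host)
    # mod_rewrite evaluates (cond1 OR cond2) AND cond3.
    if (has_www or not https_on) and last:
        return "https://" + last.group(2) + uri
    return None

def follow(url, max_hops=5):
    """Apply the rules repeatedly and return every URL visited, in order."""
    chain = [url]
    for _ in range(max_hops):
        parts = urlsplit(chain[-1])
        uri = parts.path or "/"
        if parts.query:
            # mod_rewrite re-appends the original query string by default.
            uri += "?" + parts.query
        nxt = redirect_target(parts.netloc, parts.scheme == "https", uri)
        if nxt is None:
            break
        chain.append(nxt)
    return chain

# Constructed sample requests.
CASES = [
    "http://www.example.com/admin/",
    "https://www.example.com/news?page=2",
    "https://example.com/",
    "http://example.com:8080/",  # a port in the Host header is carried into %2
]

if __name__ == "__main__":
    for case in CASES:
        print(" -> ".join(follow(case)))
```

The last case shows that a non-default port sent in the Host header ends up in the `https://` target, which is worth checking on hosts that listen on one.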

