CMS Made Simple Forums
https://forum.cmsmadesimple.org/

Announcing CMSMS 2.2.7 - Skookumchuck
https://forum.cmsmadesimple.org/viewtopic.php?f=1&t=78042
Page 1 of 1

Author:  calguy1000 [ Sat Mar 10, 2018 2:03 pm ]
Post subject:  Announcing CMSMS 2.2.7 - Skookumchuck

Today we announce the release of CMS Made Simple v2.2.7 - Skookumchuck. This is a security release and we recommend that everybody upgrade their websites at their earliest convenience.

The primary focus of this release was to fix potential vulnerabilities in the admin login functionality. Including: Fixing an object insertion bug if the login cookie was ever compromised, and fixing an issue where it was potentially possible to forge the cookie by reverse engineering the password salt. Additionally, we have refactored the functionality for resetting forgotten admin passwords and changed the name of the CSRF token that is used on all admin requests.

Secondarily, we modified the FileManager and FilePicker modules to disallow uploading any files that end with a . (dot). This is a minor security enhancement, particularly for windows based hosts.

As normal, the volunteer dev team is only asked to support technical issues with the last two public releases of CMSMS. As of now those are versions 2.2.6 and 2.2.7.

Note: as of version 2.2.7, the minimum PHP version requirement is 5.6. We recommend 7.1 for improved performance.

Thank you, and have fun with CMSMS.

Page 1 of 1 All times are UTC
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/