CMS Made Simple 1.0.8 Released!

[sjg]

Sorry to have to report this, but a new security issue was brought to our attention today. Ted had it fixed in just a few minutes, and released version 1.0.8.

This vulnerability could result in unauthorized access to your CMS, so we strongly recommend that you update any CMS Made Simple installations you have on the open internet.

Thanks to [dren] and Rift for bringing the problem to our attention.

[delfstrom]

Well, at least I'm getting refining my technique at upgrading all my CMSMS sites as quickly as possible!

[[dren]]

Glad to see it fixed so promptly!

[tsw]

if anyone is interested I wrote this to help me

Code: Select all

#!/bin/perl
use strict;
use warnings;
use Data::Dumper;

#--------------------------------------------------------------------------------
# Script for copying diff packages to all installations (does not run db
# upgrade if needed)
#--------------------------------------------------------------------------------

die("READ THROUGH THE CODE BEFORE RUNNING!!!");

my $apply_to_version = "1.0.7";

print "finding existing installations \n";

my $base = "/var/www";
my $diff_loc = "/tmp/diff/*";

my @results =  `find $base -name version.php | xargs grep '\$CMS_VERSION = '`;

foreach(@results) {
    my ($location, $version) = split/:/;

    $location =~ s/version.php//;
    chomp($location);
    if($version =~ /(\d+\.\d+\.?\d*)/) {
        $version = $1;
    }

    ##only for 1.0.6
    if($version ne $apply_to_version) {
        print "skipping invalid version $version at $location \n";
        next;
    }

    my $command = "ls -lah ".$location."index.php";
    my $result = `$command`;

    my @fields = split(/ /, $result);

    my $owner = $fields[3];
    my $group = $fields[4];

    # setting rights of diff
    `chown -R $owner:$group $diff_loc`;

    #copy to installation
    #`cp -r -a $diff_loc $location`;

    print "upgraded installation at $location \n";
}

print "done\n";

not perfect in any way

use at your own risk!

read (and understand) the code before you run it!

and so on

[stopsatgreen]

This is an URGENT problem: Since 1.07, anyone who is not an Admin can't see the Published/Draft dropdown in News articles, so can't publish stories. This has been mentioned elsewhere and filed as a bug.

[cyberman]

Hmm, not directly - only admin can activate news entries.

But this should help

http://forum.cmsmadesimple.org/index.ph ... l#msg63683

[Mesmer]

is the downloadserver offline? Non of downloads work.