CMSMS 1.2.3 Upgrade and TinyMCE

For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
Post Reply
User avatar
Nullig
Power Poster
Power Poster
Posts: 2380
Joined: Fri Feb 02, 2007 4:31 pm

CMSMS 1.2.3 Upgrade and TinyMCE

Post by Nullig »

I notice that the 1.2.2 to 1.2.3 diff doesn't include the full TinyMCE upgrade to 2.2.7.

Is it necessary to upgrade TinyMCE as well as CMSMS to avoid the exploit?

Nullig
Top
calguy1000
Support Guru
Support Guru
Posts: 8169
Joined: Tue Oct 19, 2004 6:44 pm

Re: CMSMS 1.2.3 Upgrade and TinyMCE

Post by calguy1000 »

The exploit was in TinyMCE afaik.
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Top
User avatar
Nullig
Power Poster
Power Poster
Posts: 2380
Joined: Fri Feb 02, 2007 4:31 pm

Re: CMSMS 1.2.3 Upgrade and TinyMCE

Post by Nullig »

The Blog announcement says that the 1.2.3 upgrade is to fix the sql injection problem, which I believed was in TinyMCE, but the 1.2.2-1.2.3 diff doesn't include the full TinyMCE update. Was it just missed in the diff file?

Nullig
Top
Ted
Power Poster
Power Poster
Posts: 3329
Joined: Fri Jun 11, 2004 6:58 pm

Re: CMSMS 1.2.3 Upgrade and TinyMCE

Post by Ted »

1.2.3 has whatever was in the TinyMCE trunk at the time, with the exploit fixed.  I'm not sure of what upstream version was in there, only that the patch was put out as fast as possible.
Top
Post Reply

Return to “CMSMS Core”