Announcing CMSMS 1.9.4.3 - Security Release
Category:General Releases
Aug 27, 2011 by Robert Campbell
Today we have released CMSMS 1.9.4.3, a minor release that fixes a single security issue in the news module. Essentially, a malicious person could via accessing a sincle URL corrupt your news articles.
This issue has been around for a long time, and only recently came to light. We recommend that everybody upgrade their CMSMS installs as soon as possible.
There is no database schema change in this version, therefore we have provided 'patch' versions to make this easier for those that are running a recent version of CMSMS. You should be able to download the appropriate 'diff' package, and upload it directly to your site(s).
Thank you for your time and consideration.
We would like to thank the people that reported this issue in a professional and mature manner.
© Copyright 2011 by CMSMS™ and the posts author(s). All rights reserved.
2 Responses to "Announcing CMSMS 1.9.4.3 - Security Release"
Can't find the files to download
On: Aug 27, 2011, TC said:
I wanted to download the 1.9.4.3 version and it doesn't seem to be there. Are the download links broken?
Annoucnement on mailing list?
On: Aug 30, 2011, Tom Hendrikx said:
Hi,
Please announce security releases on the anouncement mailing list. For users that have CMSMS working and running well, visiting the website or forums is no daily business. I subscribed to the announcements mailinglist in order to get notified of important updates, and regard security release as such a thing. However it seems that the mailing list is not used as it should be.
Please announce all releases, and take extra care with security releases. Or update the announcements mailinglist description, and make it say that you don't receive relevant announcements through it because <insert lame reasoning here>.
