Announcements

Announcing CMSMS 1.11.6 - Merchena


This release fixes security vulnerabilities in the package and a few significant bugs. We recommend you upgrade your websites as soon as possible.

Category: Releases, General
Posted: April 19, 2013 by mr101010

Today we are announcing an important security release of CMSMS. Thanks to a few users who informed us of the issues we accelerated plans for our release and threw in a few important bug fixes too.

The following issues were addressed in this release:

  1. XSS Vulnerabilities in the core, and in the installer.
  2. Fixes problem with page template parsing wrt the and
    HTML tags.
  3. Fixes a problem with some modules not listening to the stuff... order of execution problem.
  4. Fixes some problems with the Simplex demo theme and touch screen interfaces.

    ** Note, the Simplex theme is not intended to have full functonality on lower resolution devices like phones. It is intended for tablets etc.

EDIT: For your information the sample .htaccess file shipped with CMSMS has been modified to include fixes for other potential points of attack. It may be useful to look at this file and merge the changes into your .htaccess.

Because of the nature of the vulnerabilities, we request people to upgrade their websites as soon as possible.

As of this release the only supported versions of CMSMS are 1.11.5 and 1.11.6.