Announcing CMSMS 2.1.3 - Black Point
Today we are announcing another maintenance and security release for the 2.x series of CMS Made Simple. This release comprises the security fixes released in 1.12.2 as well as numerous other fixes. We recommend you upgrade your websites to 2.1.3 at your earliest convenience.
Many thanks to Mickaël WALTER at i-tracing.com for finding the vulnerability and kindly reporting it to us.
Here is a brief description of some of the things fixed in 2.1.3:
- Implement the HTTP_HOST fixes and parameter cleaning fixes introduced in 1.12.2
- Fix for endless loops caused when calculating page alias in some utf-8 environments (Some WAMP environments)
- Fixes and improvements to the distributed .htaccess file(s)
- Our distributed sample doc/htaccess.txt has more security improvements
- We no longer distribute .htaccess files in subdirectories
- Fixes a problem with the system verification code
- Optimize the LoadContentFromId() method to be typesafe, and more efficient
- Fixes to the Uninstall/Re-install of Navigator
- Fix News so that no errors are returned if no results match the specified filter.
- Fixes to the installation assistant with relation to PHP7, and improve the README files.
- Minor fix to FileManager when moving a folder.
As usual, the distributed changelog in both the installation assistant and the doc folder after upgrade give more details on specific changes.
As per our support policy, we request that our Dev Team supports the two most recently distributed versions of CMSMS. At this time, those are CMSMS 2.1.2 and CMSMS 2.1.3. So, you are encouraged to upgrade. The 1.12 series of CMSMS will be supported until September 2016 for critical bugs and security issues only.
Thank you for your time, and have fun with CMS Made Simple.
comments powered by Disqus