The email is not displayed properly? View the online version.

CMS Made Simple

Announcing CMSMS 1.12.2 (kolonia)

Hello Everybody.

Today we are announcing CMS Made Simple 1.12.2, a release primarily addressing a security concern.

This release addresses a concern about how the HTTP_HOST header can potentially be spoofed in some circumstances resulting in various problems including the fact that all links from your site could be altered to point to another domain.

We have modified the code such that this is no longer easily possible. This change will not be of a concern for most installations, but on some sites where the same installation of CMS Made Simple can be accessed by requesting different domains some modifications may be required.

In CMSMS 1.12.2 we introduced a new config variable entitled 'host_whitelist' which provides an absolute list of which hosts your installation will support. Developers using installations that support some kind of multi-site configuration will need to review the documentation for this config variable in the doc/config_reference.pdf file distributed with CMSMS 1.12.2 and adjust their config.php file accordingly.

Additionally, there are a few very minor fixes included with 1.12.2, including some fixes to the cms_url class.

This release encapsulates the CMSMailer 5.2.14 security vulnerability that was previously addressed as a new CMSMailer module version.

As previously announced, we will continue to support the 1.12.x series for critical bugs and security fixes until 365 days after the release of CMSMS 2.0, which occurs in September 2016.

Thank you for your time, and we encourage you to upgrade your CMSMS installations as soon as possible. You can download 1.12.2 from the CMSMS forge at:

Many thanks to Mickaƫl WALTER at for finding this issue and kindly reporting it to us.

Thank you for your time, and have fun with CMSMS.

Your CMSMS Dev Team

Word from our Sponsor

CMSMS™ approved Hosting Partner

Copyright © 2015 CMS Made Simple™, All rights reserved.

Follow @CMSMS on Twitter

twitter facebook linkedin youtube pinterest

If you don't want to receive any more emails from us, you can Unsubscribe