The email is not displayed properly? View the online version.

CMS Made Simple

 

ANNOUNCING CMSMS 2.2.3 - "HAPPY ADVENTURE"

Continuing with our commitment to quality code, we are announcing the release of 2.2.3 "Happy Adventure", a general stability release.

Hello everybody,

This is a general stability release addressing numerous minor to moderate issues throughout CMSMS, including issues with mixed HTTPS sites, with numbers in page aliases, and with module installation and editing. We have also tweaked the asynchronous job manager and fixed issues with spaces in content block names. These are issues which affect most users of CMSMS.

We also reverted the protocol-less URI functionality introduced in CMSMS 2.2 as this caused various problems with link generation that were not detected in the beta testing period.

Some important things to note are:

In the News module, for security purposes, we no longer urldecode the detailtemplate parameter. This means that under certain conditions you may need to make some modifications to your calls to the News module. Those conditions are:
1. Your detailtemplate has a name that contains extended characters
2. You are calling the News module in a WISYWIG controlled block

Note: It is generally considered a bad idea to call logic blocks like {News} from within WYSIWYG controlled areas. WYSIWYGs are for editors, editors typically do not need to know the internals of CMSMS. As well, typically this generates invalid HTML.

Additionally, The FileManager and FilePicker will no longer allow anybody to directly upload PHP files. This was actually reported as a security vulnerability (thank you to netsparker.com), and though we do not typically address reports requiring malicious intent from trusted admin users, we did change the functionality to make it that much more difficult for editors to corrupt your web application.

As usual, a complete list of the items fixed and changed are available in the changelog that is displayed during the upgrade process and included with the release.

Again we would like to thank Daniel Le Gall from SCRT SA, Switzerland for identifying these vulnerabilities, reporting them to us in a professional manner, and working with us to ensure that they were resolved.

The CMSMS Dev Team now only officially supports CMSMS 2.2.3 and CMSMS 2.2.2 Therefore, it is to your advantage to upgrade as soon as possible.

Thank you, and have fun with CMSMS.

View the official announcement: http://www.cmsmadesimple.org/2017/08/Announcing-CMSMS-2.2.3-Happy-Adventure

 


Word from our Sponsor


CMSMS™ approved Hosting Partner

Copyright © 2017 CMS Made Simple™  All rights reserved.

Visit cmsmadesimple.org
Follow @CMSMS on Twitter

twitter facebook linkedin youtube pinterest

If you don't want to receive any more emails from us, you can Unsubscribe