ANNOUNCING CMSMS 2.2.7 - SKOOKUMCHUCK
Hello everybody,
Today we announce the release of CMS Made Simple v2.2.7 - Skookumchuck. This is a security release and we recommend that everybody upgrade their websites at their earliest convenience.
Today we announce the release of CMS Made Simple v2.2.7 - Skookumchuck. This is a security release and we recommend that everybody upgrade their websites at their earliest convenience.
The primary focus of this release was to fix potential vulnerabilities in the admin login functionality. Including: Fixing an object insertion bug if the login cookie was ever compromised, and fixing an issue where it was potentially possible to forge the cookie by reverse engineering the password salt. Additionally, we have refactored the functionality for resetting forgotten admin passwords and changed the name of the CSRF token that is used on all admin requests.
Secondarily, we modified the FileManager and FilePicker modules to disallow uploading any files that end with a . (dot). This is a minor security enhancement, particularly for windows based hosts.
As normal, the volunteer dev team is only asked to support technical issues with the last two public releases of CMSMS. As of now those are versions 2.2.6 and 2.2.7.
Note: as of CMSMS 2.2.7, the minimum PHP version requirement is 5.6. We recommend 7.1 for improved performance.
For additional information: 2.2.7 Announcement | 2.2.7 Forum Post
Thank you, and have fun with CMS Made Simple!