The email is not displayed properly? View the online version.

CMS Made Simple

 

ANNOUNCING CMSMS 2.2.7 - SKOOKUMCHUCK

Hello everybody,
Today we announce the release of CMS Made Simple v2.2.7 - Skookumchuck. This is a security release and we recommend that everybody upgrade their websites at their earliest convenience.

Today we announce the release of CMS Made Simple v2.2.7 - Skookumchuck. This is a security release and we recommend that everybody upgrade their websites at their earliest convenience.

The primary focus of this release was to fix potential vulnerabilities in the admin login functionality. Including: Fixing an object insertion bug if the login cookie was ever compromised, and fixing an issue where it was potentially possible to forge the cookie by reverse engineering the password salt. Additionally, we have refactored the functionality for resetting forgotten admin passwords and changed the name of the CSRF token that is used on all admin requests.

Secondarily, we modified the FileManager and FilePicker modules to disallow uploading any files that end with a . (dot). This is a minor security enhancement, particularly for windows based hosts.

As normal, the volunteer dev team is only asked to support technical issues with the last two public releases of CMSMS. As of now those are versions 2.2.6 and 2.2.7.

Note: as of CMSMS 2.2.7, the minimum PHP version requirement is 5.6. We recommend 7.1 for improved performance.

For additional information: 2.2.7 Announcement | 2.2.7 Forum Post

Thank you, and have fun with CMS Made Simple!

 

 

Have you seen the CMS Made Simple Showcase?
We Love CMSMS
Visit Now!

Word from our Sponsor

                   
CMSMS™ approved Hosting Partner
Copyright © 2017 CMS Made Simple™  All rights reserved.

Visit cmsmadesimple.org
Follow @CMSMS on Twitter

twitter facebook linkedin youtube pinterest

If you don't want to receive any more emails from us, you can Unsubscribe