Hosting PyroCMS

2.2.5

7 June 2014 - 35MBThis vulnerability effects all CodeIgniter installations (PyroCMS is built on top of CodeIgniter). On some server setups, this vulnerability allows a user to crack the "encrypted" session cookie and inject their own data into the session key. This can happen on any application running on top of CodeIgniter which does not have the mcrypt extension installed.



A good piece of news is that PyroCMS uses the database as a store for its session data, so all that can really be done is that the sessionid can be injected into the session cookie. This _can lead to a session hijack if a malicious user can guess a valid session_id, but the chances of that are slim. Regardless, it could happen, so updating is required.
Read more: http://docs.pyrocms.com/2.2/manual/reference/changelog






2.2.4

28 April 2014 - 35MBRead more: http://docs.pyrocms.com/2.2/manual/reference/changelog






2.2.3

13 August 2013 - 35MBImprovements

Removed a flag in the WYSIWYG field type that was incompatible with php 5.3 and older

Read more: http://docs.pyrocms.com/2.2/manual/reference/changelog#2_2_3-august-13-2013






2.2.2

12 August 2013 - 35MBImprovements

Added new Lithuanian language translations
Fixes a bug for parse_param plugin attribute being passed to tag generators (img)
Altered options field in the settings table to allow for larger option strings
Fixed CKEditor moono-dark theme width in Safari
Fixed vertical alignment of  on admin shortcut buttons
After delete, show message in files manager on error, not just success
Fixing issue with editing stream relationship fields
Drastically improved speed on large paginated stream results.
Validate input type in choices field
Fixing name variable issue with admin user preview
Fixing missing recaptcha config load.
Don't add the js/css files for the image field type multiple times.
Fixes streams field.choice form dropdown value - Issue #2729
Adding parent class to the navigation plugin.
Added 'filesize' to File Field Type
Adding alternator to list of allowed functions
Updated spanish translations, translated remain items
Treat 0 or '0' as nonempty values in Lex
Allow getstreamfields to prefix the field slugs.
Update filters partial for Blog admin
Fixing Overzealous Caching in the Pages module
When saving keywords, delete existing applied keywords first
Adding query caching for streams row model.
Changing the way theme details classes are spawned
Add indexes for quick DB queries
Fixes html entities when validation fails. Fixes #2614, #2476, #2787
Fixes #2741, First Name and Last Name are now undeletable.
Fixes #2787. WYSIWYG would strip characters when decoding on some systems
Add obendclean to a few places that need it in order for the admin to work correctly when gzip is enabled
RSS feeds were being double parsed. This was forcing the