ClassicPress est une application open source de gestion de contenus (CMS). Dérivé de WordPress en 2019, le développement est orienté sécurité, moins lourd et gourmand en ressources.
Sauvegarde et restauration
1.1.4(version de sécurité)
21 Juin - 55MBClassicPress 1.1.4 is a security release to match the security changes in WordPress versions 5.4.2 and 4.9.15 (both released on June 10, 2020).
- fixed an open redirect issue in wp_validate_redirect()
- fixed an authenticated XSS issue via theme uploads
- fixed an issue where set-screen-option can be misused by plugins leading to privilege escalation
Lire la suite: https://forums.classicpress.net/t/classicpress-1-1-4-release-notes/2371
1.1.3(version de sécurité)
7 Mai - 55MB1.1.3
ClassicPress 1.1.3 is a security release to match the security changes in WordPress versions 5.4.1 and 4.9.14 (both released on April 29, 2020).
If your ClassicPress site has automatic updates enabled (the default configuration), then the new version will be installed automatically. Otherwise, we strongly recommend applying this update from your site’s dashboard as soon as possible.
- fixed an issue where password reset tokens were not properly invalidated
- fixed an issue where certain private posts can be viewed unauthenticated
- fixed an XSS issue in the Customizer
- fixed an XSS issue in wp-object-cache
- fixed an XSS issue in file uploads.
ClassicPress 1.1.2 is a security release to match the security changes in WordPress versions 5.3.1 and 4.9.13 (both released on December 12, 2019).
- fixed an issue where an unprivileged user could make a post sticky via the REST API.
- fixed an issue where cross-site scripting (XSS) could be stored in well-crafted links.
- hardened wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
Lire la suite: https://forums.classicpress.net/t/classicpress-1-1-3-release-notes/2301
16 Novembre 2019 - 55MBClassicPress 1.1.1 is a security release to match the security changes in WordPress versions 5.2.4 and 4.9.12 (both released on October 14, 2019).
Security fixes from ClassicPress 1.1.0
- Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
- Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
- Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
- Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
- Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.
For more information about the security changes in this release, see the WordPress 5.2.4 release notes post.
Other changes from ClassicPress 1.1.0
This release contains two changes to the build process. These changes do not affect the functionality of the ClassicPress release:
- Improve the process for listing/building the emoji feature (details)
- Keep build dependencies up to date (details)
Nos hébergements Web compatibles avec
Hébergement Web 100% SSD
100 Go et +
Gestion avancée des certificats SSL EV et DV
10 Go de VOD
2 CPU et +
6 Go de RAM et +
Ressources 100% dédiées
Infomaniak gère votre serveur
En savoir plus
à partir de CHF 42.- / mois
Prix en CHF