Hosting CMS Made Simple

2.2.15
 (release di sicurezza)
1 Novembre 2020 - 45MBCore - General

Admin shortcuts popup refers to IRC.

showbase parameter of metadata tag doesn't accept boolean value.

No date displayed in the admin + category id not incremented.

Removing actual Destination Page breaks Destination Page dropdown in Internal Page Link pages.

log_performance_info - undefined variable: queries.

5 Stored XSS vulnerabilities in Settings - Content Manager.

XSS on Settings News Module.

Several XSS vulnerabilities.

User pref admin homepage not properly displayed under certain conditions.

GetContentBlockFieldInput $adding always false.

Allow http/2 responses.

Filepicker dropzone size issue.

More user friendly admin session handling (partly implemented).

Swap tabs on System Maintenance page.

Browsing to the main admin page in a new browser tab during a running session won't redirect to login form anymore.

(Error) messages in OneEleven won't dismiss on click.

Fix to Admin redirection after login on Windows platform.

Fix to the module API redirection to support arrays in parameters.



FileManager v1.6.12

Dropzone improvement like core FilePicker.



FilePicker v1.0.5

FilePicker will not show svg images, when in the Content Manager.

Stored XSS vulnerability in File Picker.



News v2.51.11

Minor code fix to encoding title content.

Stored Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.

Several XSS vulnerabilities.



Design Manager v1.1.9

Minor fixes for PHP warnings\notices;



Module Manager v2.1.8

Reflected Cross site scripting

Stored Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.

Increased the Download Chunk Size field size to 4.



MicroTiny v2.2.5

Escaping translation strings in tinymce_config.js.



Search v1.52

Include module and modulerecord fields for content pages.



Phar Installer v1.3.13

Fixes to the reload button: now prevents browser's caching

fixed: Phar installer doesn't work with OPCache enabled

Per saperne di più: https://www.cmsmadesimple.org/2020/10/Announcing-CMS-Made-Simple-v2.2.15-Bonaventure






2.2.14

31 Marzo 2020 - 45MBBug Fixes

Add Shortcut from Shortcuts modal broken.

Fixes to the class.CmsAdminThemeBase.php regarding main sections title and breadcrumbs generation.

Explicitly add function_exists and getimagesize functions to the allowed functions in PHP secure mode.

Improved Error Console template.

Site Prefs, remove submit confirmation.

System Maintenance, remove confirmation update page hierarchy positions and routes.

cms_http_request PHP 7.4 fix "Array and string offset access syntax with curly braces is deprecated".

Backend users, fixed the bulk actions.

CronJobTrait undefined constants.

Stored Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.

Internal page link - selecting destination page problem.

AdminSearch v1.0.5 - Remove click thru warning.

CMSContentManager v1.1.9 - Fix notices in edit content template.

CMSContentManager v1.1.9 - Fix notice in default admin view.

DesignManager v1.1.8 - BR #12225 - Reflected Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.

FileManager v1.6.11 - Don’t disable advanced mode on upgrade.

FileManager v1.6.11 - Fix adding double // in site root link.

FileManager v1.6.11 - FileManager 1.6.10 crashes when trying to rename a file.

FileManager v1.6.11 - Reflected Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.

News v2.51.9 - Minor code fix.

News v2.51.9 - Alert on unapproved articles disabled by default. Enable at Settings >> Options tab.

News v2.51.9 - Can't display image in news when using upload field.

News v2.51.9 - Stored Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.

Phar Installer v1.3.9 - PHP 7.4 fix "Array and string offset access syntax with curly braces is deprecated".

Phar Installer v1.3.9 - PHP 7.4 fix "Function get_magic_quotes_runtime() is deprecated".

Search v1.51.8 - PHP 7.4 fix "Array and string offset access syntax with curly braces is deprecated".

Per saperne di più: https://www.cmsmadesimple.org/2020/03/Announcing-CMS-Made-Simple-v2.2.14-TSou-ke






2.2.13
 (release di sicurezza)
5 Dicembre 2019 - 45MBThis version fixes a minor security issue in the FileManager module, a couple of PHP Warnings related to PHP 7.3+, and adds a few more functions to those allowed to be used in Smarty without enabling the permissive Smarty config option. Additionally, this version contains v2.51.8 of the News module which was released some time ago to address a significant security issue.



Security

FileManager v1.6.10: Fix minor XSS vulnerabilities in FileManager.

News v2.51.8: Fix a security issue in the default action with the idlist param. This version was also separately released in the forge.



Bugfixes

Explicitly add a function or two to the allowed functions in PHP secure mode.

DesignManger v1.1.7: Fix a warning in PHP 7.3+

Per saperne di più: https://www.cmsmadesimple.org/2019/12/Announcing-CMS-Made-Simple-v2.2.13-Moosomin






2.2.12
 (release di sicurezza)
24 Settembre 2019 - 45MBNOTICE

Due to the nature of the security issue fixed in FileManager, after upgrading you should change your database password!



Security

Fix major security bug in FileManager.

Per saperne di più: https://www.cmsmadesimple.org/2019/09/Announcing-CMS-Made-Simple-v2.2.12-Osoyoos



visualizzare più versioni




2.2.11

6 Settembre 2019 - 45MBCore

Fix minor bug in copying content objects.

Minor fix to array indexes when filling params in ContentBase.

Fix to the {cms_filepicker} plugin.

Minor fix to the 'my account' form.

Fix error in cmsms_filepicker.js encountered in LISE.

PHP 7.3 fix to DataDictionary::RenameColumnSQL.



CMSContentManager v1.1.8

Fix an issue with copying non-core content objects.

Minor fixes for php 7.3.



ModuleManager v2.1.7

Minor exception handling improvements.

Minor improvement to dependency detection with modules that do not exist in ModuleRepository.

Minor fixes for php 7.3



News v2.51.6

Minor improvements for CMSMS v2.3 compatibility.



Phar Installer v1.3.8

Minor change to use include() instead of include_once()... not sure why.



FilePicker v1.0.4.1

Fix type error.



Search v1.51.7

Minor fixes for php 7.3.

Per saperne di più: https://www.cmsmadesimple.org/2019/09/CMSMS-v2.2.11-Vulcan






2.2.10
 (release di sicurezza)
14 Marzo 2019 - 45MBSecurity

An SQL injection vulnerability in the default action was fixed. This is the primary, critical reason for this release.

The ModuleManager received some bug fixes when installing a module that had numerous dependencies. And a minor object insertion vulnerability.

A couple of minor authenticated security vulnerabilities were fixed in the core and the FilePicker module. Additionally some minor fixes to the file cache driver, and IP address detection.

Per saperne di più: https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum






2.2.8

19 Settembre 2018 - 45MB
Re-introduce the host_whitelist config entry that got lost in some commit somewhere.

Minor fix to pagination in Admin log.

Change Finnish locale priorities so that UTF-8 is first.

Minor fix to calling hooks with a single associative array parameter.

Adds new HookManager::do_hook_first_result() method

cangegroupperms now calls HookManager::do_hook_first_result

Minor enhancement to moduleoperations::_load_module() to check if the class exists.

Minor enhancement to {cms_action_url} wrt. the page to link to if not specified.

Deprecate CMSModule::SetParameterType and CMSModule::CreateParameter methods.

Deprecate ModuleOperations::GetModuleParameters() method.

CMSModule::RestrictUnknownParameters() now does nothing.

No longer warn if a module is sent a parameter that is not registered.

PHP 7.2+ fixes.

Fix the inactive param in the page_attr plugin.

Per saperne di più: https://www.cmsmadesimple.org/2018/07/Announcing-CMSMS-2.2.8-Flin-Flon






2.2.7

11 Maggio 2018 - 45MB2.2.7



Announcements

As of version 2.2.7, the minimum PHP version requirement is 5.6. We recommend PHP 7.1 for improved performance.



Bug Fixes

- Change internal CSRF variable name

- Fix object insertion bug via deserialize in LoginOperations

- Fix issue where login cookie contents could be forged by determining the hashing salt

- Refactor the mechanism for generating and verifying admin account password reset codes.

- FileManager: No longer allow uploading files with names that end in .

- FilePicker: No longer allow uploading files with names that end in .

- Search : Minor fix to microtime calls.



2.2.6



WARNINGS

This version introduces some breakage in third party modules that used old, antiquated methods of preparing flash messages in the admin console. These modules should be updated to use the SetMessage and SetError methods instead.



Bug Fixes

- Fixes to AdminAlerts::load_by_name()

- SetMessage() and SetError() in the module API now use session variables

- Remove support for module_error and module_action request parameters in admin module actions.

- Add call to check_login() in admin actions that were missing them.

- Search: Fix notice in PHP 7.1: A non well formed numeric value encountered...



2.2.5



Bug Fixes

Fix minor security issue in the way login information was cached in cookies and the session.

Simplify rules around alias editing/generation in fillparams: 1/ If the alias field exists then we can adjust its value or recalculate an alias. 2/ Use basic properties, and ownership and permissions to determine if that field exists on the edit form.

Minor fixes to the CmsJobManager.

Per saperne di più: https://www.cmsmadesimple.org/2018/03/Announcing-CMSMS-2.2.7-Skookumchuck






2.2.3.1

3 Ottobre 2017 - 45MBThis is a general stability release addressing numerous minor to moderate issues throughout CMSMS.



Highlights

Fixed issues with mixed HTTPS sites, with numbers in page aliases, and with module installation and editing.

Tweaked the asynchronous job manager and fixed issues with spaces in content block names.

We also reverted the protocol-less URI functionality introduced in CMSMS 2.2 as this caused various problems with link generation that were not detected in the beta testing period.

Fixes a single issue with respect to processing mact requests if mact_preprocessing is enabled (the default) and a content block exists in the template before the default {content} block.

Per saperne di più: https://www.cmsmadesimple.org/2017/08/Announcing-CMSMS-2.2.3-Happy-Adventure/






2.2.2
 (versione principale)
15 Luglio 2017 - 45MBToday we are happy to announce the latest release in the continuing life of your favorite content management system. Version 2.1.6 is an important release combining numerous stability fixes, and an important security fix as well. Therefore, we encourage everybody to upgrade their websites at their earliest convenience.



Some of the things changed in this version include:

Behavior improvements in Module Manager and in the daily version check if for some reason the CMSMS server is unreachable.

For security purposes, we now set the meta referrer tag in the OneEleven admin theme for all admin requests.

Improvements to the admin login and various API functions with respect to the CSRF security key on each request.

Fixes to the ordering of content blocks when using {content_image} and/or {content_module}.

Fix to Content Manager relating to the set non-cacheable bulk operation.

Improvements to the detection of a temporary directory for expanding files in the installation assistant.

Per saperne di più: http://cmsmadesimple.org/2016/12/Announcing-CMSMS-v2-1-6-Spanish-Wells/






2.1.6

17 Gennaio 2017 - 45MBToday we are happy to announce the latest release in the continuing life of your favorite content management system. Version 2.1.6 is an important release combining numerous stability fixes, and an important security fix as well. Therefore, we encourage everybody to upgrade their websites at their earliest convenience.



Some of the things changed in this version include:

Behavior improvements in Module Manager and in the daily version check if for some reason the CMSMS server is unreachable.
For security purposes, we now set the meta referrer tag in the OneEleven admin theme for all admin requests.
Improvements to the admin login and various API functions with respect to the CSRF security key on each request.
Fixes to the ordering of content blocks when using {content_image} and/or {content_module}.
Fix to Content Manager relating to the set non-cacheable bulk operation.
Improvements to the detection of a temporary directory for expanding files in the installation assistant.

Per saperne di più: http://cmsmadesimple.org/2016/12/Announcing-CMSMS-v2-1-6-Spanish-Wells/






2.1.5
 (versione principale) (release di sicurezza)
7 Settembre 2016 - 45MBToday we would like to announce the release of CMS Made Simple version 2.1.5 - High Rock. This is a stability release fixing a number of issues that have surfaced over the past two months. Though none of the issues are show stoppers, there are issues that generally affect the usability of CMSMS. Therefore, we recommend that everybody upgrade their websites as soon as possible.



Some of the issues fixed in this release include:

Fixes to the 404 handler when using pretty URLs and a page-id could not be determined from the route
Improvements to the page alias mechanism when a page alias is already supplied
Fix a problem with editing of uid=1 by another admin user
More fixes to the clearing of cached files
Improvements to the way modules are installed and upgraded directly from the forge
Ensure that the 'Manage Stylesheets' permission exists for sites that were upgraded from CMSMS 1.12


Version 2.1.4 - Freetown

Fix to the clear_cached_file() method which should fix problems with module installation.
Minor tweak to distributed sample htaccess.txt file.
Phar Installer: Fixes issues with respect to hanging on step 7 when suhosin PHP addon was installed.
Phar Installer: Minor PHP7 Fixes.


Version 2.1.3 - Black Point

Security fix to prevent HTTP_HOST attacks. Many thanks to I-TRACING (www.i-tracing.com) for reporting it!!
Remove stub .htaccess files from subdirectories
Update the included sample htaccess.txt file for security
Fix for endless loop when calculating a page alias in utf-8 environments 
Fix for endless loop when calculating a page alias and a page name/title ended with -
Fixes a notice on the login page
Optimize LoadContentFromId() to be typesafe, and use default page, if the id passed in is invalid
Fix error condition if there were no default default design, or default page template
Fix problem with system verification.
#10825 - Admin-account settings don't remember startpage if you set one
#10874 - When creating a page and the title has specific characters, CMSMS stops responding
#10910 - content and content_module order incorrect Admin page
#10911 - 'Use Admin Search' permission not being used in 2.1.2
#10921 - Content Field to Display in Name Column not used
AdminSearch v1.0.1: Minor fix to permissions checks.
Navigator v1.0.3: Improved exception handling on install 
News v2.50.5: Fix error condition if no results were returned
Installation Assistant v1.0.3.1: Tweaks to README files
Installation Assistant v1.0.3.1: Improved error handling in some circumstances
Installation Assistant v1.0.3.1: Fix some PHP7 issues.
FileManager: #10871 - Filemanager moving folder


Version 2.1.2

Minor fix to missing lang string stuff
Fixes to home page preferences
API documentation fixes (minor)
Fixes for ajax_content (the ajax routine behind the parent selector in edit content) to handle ordering inconsistencies.
Remove die statement in is_email
Minor fix to the relative_time modifier.
Upgrade PHPMailer to 5.2.14
Now do a check for E_ALL in the system info
News v2.50.4: Now all field definitions can be deleted 
ModuleManager v2.0.2: Revamp module dependency calculations when installing a module.
ModuleManager v2.0.2: Minor fix for some notices in install and upgrade modules.
ModuleManager v2.0.2: Minor typo fixes.
ModuleManager v2.0.2: Minor fixes for PHP7
MenuManager v1.50.2: make sure that uninstall cleans up properly.
MicroTiny v2.0.3: minor template fix.
MicroTiny v2.0.3: fixes for stylesheet overrides.


Version 2.1.1 - Nicholls Town

Fix the template compiler so that content blocks can be placed within sub templates and detected with the {include} tag.
Fix minor problem with checksum verification.
Fix to the cms_cache_handler class
Minor fix to SetAllPageHierarchies()
Correct location where session was started in frontend displays.
Fix the default option for {content_image}
Modify the locker to use a beacon if supported, when unlocking.
Fix missing permissions when a 1.12 site was upgraded (installation assistant)
CMSContentmanager v1.1: Minor template changes in edit content wrt. locking
CMSContentmanager v1.1: Adds ability to clear content locks (admins can clear all locks, regular users can only clear their locks)
CMSContentmanager v1.1: Enhancements to the action to bulk set designs to show only page templates by default, but to optionally show more.
DesignManager v1.1.1: Minor template changes in edit content wrt. locking
DesignManager v1.1.1: Adds ability to clear template and css locks (admins can clear all locks, regular users can only clear their locks)


Version 2.1 - Bahamas

Minor performance tweaks to sample htaccess.txt
Minor fix to the ProcessTemplateFromDatabase module API method.
Improvements and re-factor the way headers are sent wrt caching
Add a new method to the ModuleOperations class to allow a module to be within a namespace.
Enhances the Group class.
Enhancements and fixes to the cms_url class.
Modified the $mod->smarty reference to be smarter... it is now deprecated.
Fixes issue with https requests (#10697)
Modifies The CmsLayoutTemplate class and CmsLayoutTemplateQuery to allow filtering on listable or non listable
or setting a template as listable (default) or non listable

Fixes a problem with styling of the login form if tasks must be run AND a module needs upgrading.
Fixes to the cloning of templates in CmsLayoutTemplate
Fixes problem with SetAllHierarchyPositions that cleared the entire cache instead of only the necessary part of it.
Adds the unloadCancel handler to the lockManager jquery plugin.
Moves version.php and include.php inside the lib directory so that they are easier to protect from unwanted direct access.
Fixes to page alias tests when manually entering a page alias.
Missing language strings are no longer output to Admin log, but to the debug log.
Requests for modules that are not installed/enabled, or for invalid actions will now result in 404 errors.
Fixed problem where restricted content editors could implicitly change the page alias.
Improvements to the system information page, particularly the bbcode output.
cms_init_editor, form_start, and cms_action_url plugins are no longer cachable.
Adds the 'adminonly' option to the {content}, {content_image}, and {content_module} tags to allow only members of the 'Admin' group to manipulate the values of that block.
Add a trivial check to the sitedown message to make sure that it is not empty.
Minor fixes for PHP 7
MicroTiny v2.0.2: Now add page hierarchy to autocomplete text when using the linker.
MicroTiny v2.0.2: Now use $smarty->CreateTemplate for clarity when compling the config template
MicroTiny v2.0.2: Now explicitly assign urls so that they do not get caced by smarty.
MicroTiny v2.0.2: Slightly tweak the default HTML content in the example tab.
MicroTiny v2.0.2: Updated tinymce to the latest 4.2.7 version, included the 'paste' plugin, and turned on 'paste_as_text'.
MicroTiny v2.0.2: Added the ability to enable the table plugin, now distribute the table plugin
CMSContentManager v1.0.2: Fix problem with pagedefault metadata.
CMSContentManager v1.0.2: Fixes for handling no listable templates for a design
CMSContentManager v1.0.2: More work with locking. With only one exception all locking and unlocking is initiated via javascript.
CMSContentManager v1.0.2: Minor fix to copycontent
DesignManager v1.1: Adds ability to toggle the listability of a template.
DesignManager v1.1: Fixes problems with lost changes if there is a syntax error in the template.
DesignManager v1.1: More work with locking. With only one exception all locking and unlocking is initiated via javascript.
News v2.50.3: Fixes minor issue with pagination in News admin console.
News v2.50.3: Fix errors in the default form template.
News v2.50.3: Fixed URL to long issues on redirection after adding/editing article.
Search v1.50.2: Minor PHP7 fixes.
ModuleManager 2.0.1: Minor fix to which modules could be uninstalled and deactivated.

Per saperne di più: http://cmsmadesimple.org/2016/08/Announcing-CMSMS-2-1-5-High-Rock/






1.12.2
 (release di sicurezza)
25 Giugno 2015 - 45MBThis release addresses a concern about how the HTTP_HOST header can potentially be spoofed in some circumstances resulting in various problems including the fact that all links from your site could be altered to point to another domain. We have modified the code such that this is no longer easily possible. This change will not be of a concern for most installations, but on some sites where the same installation of CMS Made Simple can be accessed by requesting different domains some modifications may be required.



In CMSMS 1.12.2 we also introduced a new config variable entitled 'host_whitelist' which provides an absolute list of which hosts your installation will support. Developers using installations that support some kind of multi-site configuration will need to review the documentation for this config variable in the doc/config_reference.pdf file distributed with CMSMS 1.12.2 and adjust their config.php file accordingly.



Additionally, there are a few very minor fixes included with 1.12.2, including some fixes to the cms_url class.



Core - General

Improvements to the cms_url class.
Security fix to prevent HTTP_HOST attacks
use FILTER_SANITIZE_STRING to clean the $_SERVER data before loading config stuff.


CMSMailer 5.2.14

Includes security fixes released as a module separately

Per saperne di più: http://cmsmadesimple.org/2016/03/Announcing-CMSMS-1-12-2-kolonia/






1.12.1

2 Settembre 2015 - 45MBCore - General

Fix issues with global smarty variables not being copied into new templates when new templates are created
Minor performance tweaks to the sample htaccess.txt file
Minor improvements to the robots.txt file
CMSMS global smarty variables are now using assignGlobal
Minor security improvements to login data before calling events
Improved the get_template_vars plugin
Fixed name parameter for the {content_image} tag
Custom database connection failure message
Minor improvements to the cms_url class
Minor improvement to the module API's create_url method
Refactor the ContentOperations::setAllHierarchyPositions() method. Should result in dramatic performance improvements when editing content on large sites
Add the CMS_Content_Block::reset() method and call it from Content::parse_content_blocks()
ContentEditPost() event is now sent AFTER ContentOperations::setAllHierarchyPositions() is called
  

Core - Bug Reports

#5337 ContentEditPost event fires too early upon creation of a new page


Search 1.7.13

Minor improvement to re-index all content


MenuManager 1.8.7

Make sure we reset the static plugin stuff on all upgrades


News 2.15.2

#10497 News can't display only one item per page

Per saperne di più: http://cmsmadesimple.org/2015/08/Announcing-CMSMS-1-12-1-Rontiki/






1.12
 (versione principale) (release di sicurezza)
13 Aprile 2015 - 45MBThis release can be called a 'security and stability' release where we primarily made changes related to security, but also attempted to resolve or improve a number of outstanding issues.



The biggest changes in this release are related to security. First, we now require, and enforce that register_globals (a PHP setting that has long been considered insecure, and is removed from newer versions of PHP, see: http://php.net/manual/en/security.globals.php) be completely disabled in your CMSMS install. Secondly, we have removed the {eval} statements from the factory default News summary and detail templates. This will prevent content submitted by un-verified users from doing nasty things with smarty. And thirdly (though not last) we made some changes in our smarty config to improve security.



Along with the security fixes we have improved the homepage functionality in the CMSMS admin console, fixed some lingering minor issues, and generally improved the stability of your favourite content management system. Because this is a security release, we do encourage everybody to upgrade their CMSMS websites as soon as possible. As of now, per our support policy the only two officially supported versions of CMSMS are 1.11.13 and 1.12.



Core - General

Now require that register_globals be OFF. This may generate errors for some sites, you MUST change their PHP config if register_globals is on! [Security fix]
Smarty template security fix
Replace stub file for function.process_pagedata.php
Fixes Admin homepage issue (Note: current homepage must be reset!)
Adds the CmsAdminUtils class (new utility class for Admin requests). Currently with two static methods
Fixes to HTML entity decoding
PHP 5.2.x compatibility issues
Remove the html_entity_decode_utf8 function (should only have been used in the core). We now have one standard cms_html_entity_decode function
Minor fix to {cms_selflink}
Remove some extra whitespace from editcontent and edittemplate
Increase Image Manager height
Fixes issue with French locale string
Fixes #9598 - Issues with cancel button in changegroupperm and changegroupassign


News

Remove {eval} from factory default display templates (will not effect existing installs) [Security fix]
Fixes #10129 - DoS by specifying extra-large pagelimit (now maximum of 1000) [Security fix]
Fixes #10452 - Browsecat counting articles that do not start yet

Per saperne di più: http://www.cmsmadesimple.org/2015/04/Announcing-CMS-Made-Simple-1-12-Pohnpei/






1.11.13
 (release di sicurezza)
23 Febbraio 2015 - 45MBThis is an important security release! The issues we found were related to reliable ways to generate a full path disclosure, and to XSS vulnerabilities, and potential flooding and denial of service attacks in the News fesubmit feature. Additionally, though minor, we fixed an XSS vulnerability in the add and edit bookmark functionality in the admin interface. These vulnerabilities apply to all versions of CMSMS.



The News fesubmit feature that allows site visitors to submit News articles was particularly vulnerable. Although we do not think that this feature is used much, it is available, and all CMSMS sites that use the News module, or have it enabled, are vulnerable to attack. The new version of News now has an option to enable the fesubmit feature, which is OFF by default. This means that upon upgrade, the sites that do use the fesubmit feature of News must explicitly enable it in the module settings.



Because of the important nature of these security issues, we recommend that everybody upgrade all of their websites to CMSMS 1.11.13 as soon as possible. As per our support policy, the only supported versions of CMSMS as of this release are 1.11.13 and 1.11.12.
Per saperne di più: http://www.cmsmadesimple.org/2015/02/Announcing-CMS-Made-Simple-1-11-13-Security-Release/






1.11.12

12 Gennaio 2015 - 45MBThis is largely a maintenance release. Many nagging little problems have been resolved to improve the general usability and stability of CMSMS.



Core - General

Fixes ShowMessage() and ShowErrors() when using the NCleanGrey Admin theme
now determine SSL requests in a centralized, and consistent manner
dynamic root_url calculations now correctly determine schema
Using HTTPS by default now works for new pages
Minor fix for default content type selection when loading an object
Rationalize HTTPS request detection
Adds a new 403 exception
Adds a new method IsPermitted in the Content base class
Ensure that 404 and 403 errors do not cache
Fixes to caching of block plugins
Fixes to caching of content blocks on non cachable pages
now set a global variable CMSMS_GENERATING_XML when generating an XML file


Core - MicroTiny

Improvements to URL generation


Core - Bug Reports

#10170 Incorrect setting for session_cache_limiter() in include.php

Per saperne di più: http://www.cmsmadesimple.org/2015/01/Announcing-CMS-Made-Simple-1-11-12-Seymour-Norte/






1.11.11

10 Agosto 2014 - 45MBThis release includes some minor core module improvements, including an upgrade to MicroTiny to improve IE11 support, Module Manager help and about display fixes, and a fix for sorting by category in the News module. Core improvements include module loading, installer timezone handling, and various minor security and performance updates and bugfixes.



Core - General:

Minor improvements to module loading
Minor fix to error console
xajax now cleans buffers before outputting anything
Improvements to behavior of the 'label' parameter on content_module blocks
Enable adodb transactions
Fix minor security issue with changegroupperms
Minor bug fixes wrt static routes
Now update dependencies when a module is upgraded
Fixes #10135


Core - Installer:

Minor change to timezone handling


Core - Module Manager:

Fixes problem with displaying help and about


Core - News:

Fixed sorting by category


Core - MicroTiny:

Updated to tinymce 3.5.11 to fix IE11 issues
Now use "forced_root_block: 'p'" to ensure that newlines generate paragraphs, and ctrl+enter generates 
tags.
Per saperne di più: http://www.cmsmadesimple.org/2014/08/Announcing-CMSMS-1-11-11-San-Cristobal/






1.11.10
 (release di sicurezza)
1 Febbraio 2014 - 45MBThis release includes upgrades to Smarty, jQuery, jQuery UI, the blueimp file upload mechanism, a few small bug fixes, fixes for one or two security vulnerabilities, and an improvement to the module loading mechanism. The security key used in each and every admin request has been upgraded from 8 to 16 characters to minimize the likelihood of any brute force attacks being able to hack into your website. This will mean that everybody will probably have to login anew.



Core - General:

New versions of jquery, jquery-ui, blueimp-uploader
Makes security key 16 characters long
Smarty template engine upgraded to version 3.1.16
Fixes to function signatures, and fix a notice in cms_module_smarty_plugin_manager


Core - MicroTiny:

Minor fix to MicroTiny


Core - FileManager:

Fix and cleanup filemanager templates


Core - News:

Fix potential SQL injection vulnerability wrt the sortby parameter

Per saperne di più: http://www.cmsmadesimple.org/2014/02/Announcing-CMSMS-1-11-10-Pinzon/






1.11.9
 (release di sicurezza)
28 Settembre 2013 - 45MBThe last release of CMSMS was only a couple of weeks ago, and, normally, we do not like to release versions of CMSMS so quickly. However, there was a problem with the 1.11.8 release that we did not detect until a few days after release, and since there were a few bugs with respect to this release that were worth fixing we thought it better to fix the code and call the release 1.11.9. Due to the fact that some issues with respect to security and PHP 5.3 dependencies were fixed, we recommend that everybody upgrade to version 1.11.9 as soon as possible.



Core - General:

Fixes version.php to represent new schema
Users with 'Modify Any Page' and 'Remove Content' can delete almost any page
Fixes minor issue with event handlers
Removes a debug limit on caching in contentoperations
Robots don't index Error Console pages
Only show technical details on the Error Console page to logged in administrators
Entropy improvement in the cookie used to stay loggedin


Core - Search:

Fixes PHP 5.3 dependency


Core - Bug Reports:

#9549 CMSMS 1.11.8 performance regression


Core - CMSMailer:

No longer send SMTP password in plain text

Per saperne di più: http://www.cmsmadesimple.org/cms-made-simple-1-11-9-bartolome/






1.11.8
 (release di sicurezza)
9 Settembre 2013 - 45MBThis release brings a few minor features, some performance improvements, documentation improvements, a Smarty upgrade, and a number of bug fixes (including a minor security issue). There is something for everybody in this release; everyone is encouraged to upgrade their websites as soon as possible.
Per saperne di più: http://www.cmsmadesimple.org/announcing-cmsms-1-11-8-fioreana/






1.11.7

25 Maggio 2013 - 45MB
Added set_db_timezone config option which will execute the mysql command SET timezone attempting to solve the problem with date calculates wrt server timezone vs. user timezone.  Config option defaults to FALSE until CMSMS 2.0
Fixes BR#9269. Now it actually validates if output of get_real_ip() is actual IP address. Added another validation to login.php. Thanks to LeakFree.nl for reporting this!

Per saperne di più: http://www.cmsmadesimple.org/cmsms-1-11-7-genovesa/






1.11.6

19 Aprile 2013 - 45MBThe following issues were addressed in this release:

XSS Vulnerabilities in the core, and in the installer.
Fixes problem with page template parsing wrt the and HTML tags.
Fixes a problem with some modules not listening to the stuff... order of execution problem.
Fixes some problems with the Simplex demo theme and touch screen interfaces. Note, the Simplex theme is not intended to have full functonality on lower resolution devices like phones. It is intended for tablets etc.

Per saperne di più: http://www.cmsmadesimple.org/2013/04/Announcing-CMSMS-1-11-6/






1.11.5

23 Marzo 2013 - 45MBAmong the fixes in this version is a change to the behavior of Global Content Blocks. From 1.11.5 onward, the name of GCBs can only contain alphanumeric characters and the underscore. This is because Smarty treats some special characters (particularly the ":") differently in its parsing mechanism. For the same reason, ThemeManager has been changed to use "//" as a delimiter between the theme name and the template or stylesheet name when importing an XML theme.



Core - General

Global Content Blocks (GCB's) can now only have letters and numbers in the name!!
Fixes to caching issues in MenuManager and module templates
Admin module actions now catch an exception
Fixes problem with error_reporting, takes error_reporting correctly from php.ini
Fixes problem with contentprecompile not being fired
Significant performance improvement in admin theme calculations (fixes silly error)
Fix typo in /lib/classes/module_support/modtemplates.inc.php
Fixes issue with compilation process of stylesheets when using smarty tags
Fixes issue with showtemplate=false causing ajax stuff to be called twice
Fixes issue with aliases on sectionheaders being navigable. (Now throws 404 error)
Modules can no longer be upgraded if the schema version in the database does not match the version.php file (this solves the problem of the modules being upgraded too early in the upgrade process)
Fixes problem with module_help links in the OneEleven admin theme
Fixes problem where CMSMS internal parser mixed