1#@!#!123s

: / var / softaculous / cmssimple /
Filename : changelog.txt
back
Version 2.2.15 - Bonaventure
-------------------------------
Core - General
  - BR #12287 - Admin shortcuts popup refers to IRC.
  - BR #12292 - showbase parameter of metadata tag doesn't accept boolean value.
  - BR #12303 - No date displayed in the admin + category id not incremented.
  - BR #12305 - Removing actual Destination Page breaks Destination Page dropdown in Internal Page Link pages.
  - BR #12311 - log_performance_info - undefined variable: queries.
  - BR #12313 - 5 Stored XSS vulnerabilities in Settings - Content Manager.
  - BR #12317 - XSS on Settings News Module.
  - BR #12325 - Several XSS vulnerabilities.
  - BR #12335 - User pref admin homepage not properly displayed under certain conditions.
  - BR #12337 - GetContentBlockFieldInput $adding always false.
  - BR #12338 - Allow http/2 responses.
  - BR #12357 - Filepicker dropzone size issue.
  - FR #12345 - More user friendly admin session handling (partly implemented).
  - FR #12349 - Swap tabs on System Maintenance page.
  - Browsing to the main admin page in a new browser tab during a running session won't redirect to login form anymore.
  - (Error) messages in OneEleven won't dismiss on click.
  - Fix to Admin redirection after login on Windows platform.
  - Fix to the module API redirection to support arrays in parameters.
  
FileManager v1.6.12
  - Dropzone improvement like core FilePicker.

FilePicker v1.0.5
  - BR #11673 - FilePicker will not show svg images, when in the Content Manager.
  - BR #12312 - Stored XSS vulnerability in File Picker.

News v2.51.11
  - Minor code fix to encoding title content. 
  - BR #12322 - Stored Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.
  - BR #12325 - Several XSS vulnerabilities.

Design Manager v1.1.9
  - Minor fixes for PHP warnings\notices;

Module Manager v2.1.8
  - BR #12291 - Reflected Cross site scripting
  - BR #12324 - Stored Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.
  - Increased the Download Chunk Size field size to 4.
  
MicroTiny v2.2.5
  - BR #12351 - Escaping translation strings in tinymce_config.js.

Search v1.52
  - FR #11886 - Include module and modulerecord fields for content pages.

Phar Installer v1.3.13
  - Fixes to the reload button: now prevents browser's caching 
  - BR #11591 - fixed: Phar installer doesn't work with OPCache enabled
  
Version 2.2.13 - Moosomin
-------------------------------
Core - General
   - Explicitly add a function or two to the allowed functions in PHP secure mode.

DesignManger v1.1.7
   - Fix a warning in PHP 7.3+

FileManager v1.6.10
   - Fix minor XSS vulnerabilities in FileManager.

News v2.51.8
   - Fix a security issue in the default action with the idlist param
   (This version was also separately released in the forge)

Version 2.2.12 - Osoyoos
-------------------------------
NOTICE: Due to the nature of the security issue fixed in FileManager after upgrading you should change your database password.

Core - General
  - Fix warning in cms_html_entity_decode

FileManager v1.6.9.1
  - Security fixes for view action.

Version 2.2.11 - Vulcan
-------------------------------
Core - General
  - Fix minor bug in copying content objects.
  - Minor fix to array indexes when filling params in ContentBase.
  - Fix to the {cms_filepicker} plugin.
  - Minor fix to the 'my account' form.
  - Fix error in cmsms_filepicker.js encountered in LISE.
  - PHP 7.3 fix to DataDictionary::RenameColumnSQL.

CMSContentManager v1.1.8
  - Fix an issue with copying non-core content objects.
  - Minor fixes for php 7.3.

ModuleManager v2.1.7
  - Minor exception handling improvements.
  - Minor improvement to dependency detection with modules that do not exist in ModuleRepository.
  - Minor fixes for php 7.3

News v2.51.6
  - Minor improvements for CMSMS v2.3 compatibility.

Phar Installer v1.3.8
  - Minor change to use include() instead of include_once()... not sure why.

FilePicker v1.0.4.1
  - Fix type error.

Search v1.51.7
  - Minor fixes for php 7.3.
  
Version 2.2.10 - Spuzzum
-------------------------------
Core - General
  - Fix minor potential authenticated object insertion vulnerability in changegroupperm
  - Fix minor potential uncleaned input vulnerability in siteprefs
  - Minor improvement to get_real_ip()
  - Fix to clearing cache in cms_filecache_driver

News v2.51.5
  - Fix unauthenticated SQL injection vulnerability with the default action

ModuleManager v2.1.6
  - Fix authenticated object insertion vulnerability in the installmodule action
  - Improve ordering of the dependencies before installing or upgrading modules.
  - Adds more auditing, particularly in the cached request stuff.

FilePicker v1.0.4
  - Fix authenticated object insertion vulnerability