Published by Fiammybe on 2014/6/16 (2761 reads)
Recently, a new security notification was submitted to CVE without the project being notified beforehand. This has been rectified, and we are preparing the appropriate files for release.
Published by Fiammybe on 2013/7/29 (1235 reads)
A notification about a potential security issue in the Content Module, delivered with ImpressCMS 1.3.4, is circulating on the internet. The issuer already got in touch with us in February. However, the ImpressCMS team, and more particularly the security expert, could not reproduce the issue.
Published by Skenow on 2011/5/3 (4756 reads)
It has been brought to our attention that there is a potential file upload vulnerability in FCKeditor, which is included in ImpressCMS 1.1.x and 1.2.x packages. This vulnerability exists even if you do not have FCKeditor enabled or have the WYSIWYG editors enabled.
In an effort to provide you with the safest possible environment for your websites and balance that with the features you expect, we are releasing an updated package with better security for FCKeditor. You should immediately update your sites with this patch.
Published by Fiammybe on 2010/12/15 (6356 reads)
The ImpressCMS Project announces an important update to the 1.2.x series, addressing 2 vulnerabilities recently discovered.
The first issue was with the imagemanager plugin for TinyMCE, allowing unauthorized creation of image categories. The second is a potential cross-site scripting vulnerability in the quicksearch functionality of the ImpressCMS Persistable Framework. This vulnerability required elevated permissions and was only present in the administration area.
This issue has now been fixed in version 1.2.4. The ImpressCMS team urges everyone to upgrade their ImpressCMS installation as soon as possible.
Published by Skenow on 2010/7/13 (3745 reads)
There has been a recent report of a potential vulnerability in the CSSTidy library included with ImpressCMS 1.2.0 and 1.2.1 releases. The vulnerability exists in a file used as an implementation of the CSSTidy classes to demonstrate how the library functions.
This file is not used by ImpressCMS and can be removed from your sites.
In fact, it is recommended you remove the file. The file to remove is plugins/csstidy/css_optimiser.php. A patched version of ImpressCMS (version 1.2.2) will be released later today for new installations.
Published by Tom on 2008/12/3 (4082 reads)
ImpressCMS takes security responsibly, and as such, whenever a vulnerability is found, we work around the clock to fix the issue, along with intensive testing trials in an attempt to minimise any other issues arising.