The ImpressCMS developers are releasing version 1.0.3 as a stable final release, addressing a small vulnerability reported to the ImpressCMS Security Team (security@impresscms.org) in the userranks administration of ImpressCMS 1.0.2. Adminstrator access was required to exploit the vulnerability, but in the interest of security and in a commitment to having the best CMS available, this release has been made.

The updated release is available for download from our SourcForge repository we recommend you apply this to your 1.0.x sites at your earliest opportunity.

With this release, all fields are now properly sanitized and the vulnerability has been removed. We believe security is very important and appreciate all reports of potential vulnerabilities. If you think you've found something and would like us to look into it then please report it to member of our community. ImpressCMS 1.0.x is only being maintained for security releases and is the last version that fully supports PHP4. All further development is making full use of PHP5. If you have not done so already, we recommend moving your site to PHP5.

Now that ImpressCMS 1.1 has been released, this marks the beginning of the end of support for the ImpressCMS 1.0 branch. Support will continue through 31 December 2008 and until that date, only security fixes will be released.