Join the Mailing List
13 user(s) are online (3 user(s) are browsing News and Articles)
ImpressCMS 1.3.6 Final ReleasedPublished by Skenow on 2014/1/31 (3741 reads)
The ImpressCMS 1.3.6 final release is now available to download. This release, the latest in the ImpressCMS 1.3 branch, provides support for PHP 5.5 and PDO, integrates previously released patches, and added protection for 3 vulnerabilities.
Download 1.3.6 Final
The new release is available for download on the ImpressCMS 1.3 product page.
Most Significant Changes
In this release, we have also addressed 3 vulnerabilities just reported by Pedro Ribeiro (firstname.lastname@example.org) of Agile Information Security Ltd.
3 vulnerabilities exist in ImpressCMS 1.3.5:
- Deletion of arbitrary files in the system
- Cross site scripting (XSS) in 2 files
The XSS can only be exploited with Protector off.
This is from the reporter -
I have nothing but praise for you, as you've been the most helpful, understanding and responsive! There are some PHP CMS which have remote code execution flaws, and the developers told me straight up that they are not interest in fixing it... Be certain that if somebody asks my opinion for the best PHP CMS from a security perspective, I will say ImpressCMS.
PDO (PHP Data Object) and PHP 5.5
PHP is deprecating the mysql extension in PHP 5.5. Beginning with this release of ImpressCMS, the default option for managing the database connections will be PDO. The MySQL functions are still in place, so your existing sites and modules will still use it. If PDO is available on your server, we recommend switching to PDO. You can do this by editing your mainfile.php and changing the db type from 'mysql' to 'pdo.mysql'
PHP 5.5 is also running on many servers - this version of ImpressCMS has been verified to install and run on PHP 5.5. There is some additional work coming that will make ImpressCMS run without warnings and notices in PHP 5.5 strict.
Smarty Patch - Email Protection
The Smarty patch released independently has been integrated into this release. The email protection feature has been moved to a location independent of the Smarty files for better upgrade paths.
The goal of the ImpressCMS Project is to stimulate and promote the open source nature of the CMS in both the core and its modules and establish itself as the premiere CMS by expanding the system to meet the needs of their users now and well into the future.
ImpressCMS is -
Want to get involved?
If you're looking to join the ImpressCMS project, then get on board! All you need to do is head on over and complete the ImpressCMS Team form.
We'd love to connect with you ...
Contact: The ImpressCMS Project, Steve Kenow Spokesperson <email@example.com>