Security patch available for ImpressCMS 1.3.9

Published by Fiammybe on 2016/10/29 (998 reads)

Today we propose the following patch to fix a number of vulnerabilities in core functionalities, in anticipation of the 1.3.10 release that will include them as well. Apply this patch on top of an existing 1.3.9 setup to get the latest security update.


Patch file


This patch file replaces existing files in your ImpressCMS 1.3.9 installation in order to fix the reported vulnerabilities. Simply unzip the file in the root of your site (where mainfile.php resides). If you are running a version older than ImpressCMS 1.3.9, we recommend that you first upgrade your site to 1.3.9, the latest version, and then apply the patch. Newer versions include code fixes for bugs and vulnerabilities of the previous versions.


Download the patch file


Vulnerabilities


This patch fixes the following vulnerabilities:


  • Cross-Site Scripting (XSS) vulnerability in the IPF Table renderer
  • SSRF vulnerability in the image editor plugins
  • Cross-Site Scripting (XSS) vulnerability in the Image Editor

It is recommended to install the patch as soon as possible, but don't forget to make a backup of your site before you do, as best practice.
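
The procedure described above (back up, then unzip in the directory that holds mainfile.php), as an added shell example that is not part of the original announcement or of ImpressCMS's own tooling. The function names, exit codes and backup location are assumptions, and it needs Info-ZIP `unzip` and `tar`.

```shell
#!/bin/sh
# Added example: save the files a patch archive will overwrite, then unpack it.
# Function names, exit codes and the backup location are assumptions.

# Archive every path read from stdin that already exists as a file under $1.
backup_listed_files() {
    root=$1; archive=$2
    list=$(mktemp) || return 1
    while IFS= read -r path; do
        # Skip directory entries and files the patch adds for the first time.
        if [ -f "$root/$path" ]; then printf '%s\n' "$path" >>"$list"; fi
    done
    if [ -s "$list" ]; then
        tar -C "$root" -czf "$archive" -T "$list"
    else
        echo "nothing to back up: the patch only adds new files" >&2
    fi
    status=$?
    rm -f "$list"
    return "$status"
}

# apply_patch SITE_ROOT PATCH_ZIP [BACKUP_DIR]
apply_patch() {
    root=$1; patch=$2
    # Default backup directory is the parent of the site root, so the
    # archive is not left inside the web-served tree (assumes SITE_ROOT
    # is the document root).
    backup_dir=${3:-$root/..}
    # The patch must be unpacked where mainfile.php resides.
    [ -f "$root/mainfile.php" ] || { echo "no mainfile.php in $root" >&2; return 2; }
    [ -f "$patch" ] || { echo "patch archive not found: $patch" >&2; return 3; }
    backup="$backup_dir/pre-patch-$(date +%Y%m%d%H%M%S).tar.gz"
    # unzip -Z1 prints one archive member name per line.
    unzip -Z1 "$patch" | backup_listed_files "$root" "$backup" || return 4
    unzip -o "$patch" -d "$root" || return 5
    echo "patched; replaced files saved in $backup"
}

# Run only when called with arguments: sh patch.sh SITE_ROOT PATCH_ZIP
if [ "$#" -ge 2 ]; then apply_patch "$@"; fi
```

To roll back, extract the saved archive over the site root with `tar -C SITE_ROOT -xzf` followed by the backup file name.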

fiammybe
Posted: 2016/10/30 22:43  Updated: 2016/10/30 22:43
Home away from home
Joined: 2009/3/3
From: Belgium
Posts: 1952
 Re: Security patch available for ImpressCMS 1.3.9
This is a first patch in a long time, and I'd like to have some feedback if you would like this kind of file released more often.
Also, will you install the patch, or will you wait for 1.3.10 when it comes around in the next few weeks?
Madfish
Posted: 2016/10/31 10:48  Updated: 2016/10/31 10:48
Home away from home
Joined: 2007/12/4
From:
Posts: 1201
 Re: Security patch available for ImpressCMS 1.3.9
I stick security patches on as soon as I can get hold of them. But in general, I prefer small patches to huge ones.
skenow
Posted: 2016/11/6 0:02  Updated: 2016/11/6 0:02
Home away from home
Joined: 2007/12/4
From:
Posts: 4242
 Re: Security patch available for ImpressCMS 1.3.9
Security patches do take priority - though I do tend to be a testing ground for any patches and releases ahead of time.

To further on David's question - how do you monitor for patches and releases? For ImpressCMS and any other platform or application you use?