Comments on: Announcing CMS Made Simple 1.1.4.1 - Critical Update

By: Michael Erb

Michael Erb — Sun, 14 Oct 2007 18:27:09 +0000

Thank you for releasing these security updates as quickly as you do.

Anyone who thinks the security updates come too often obviously has never been the victim of a security vulnerability that has been exploited.

By: Yury V. Zaytsev

Yury V. Zaytsev — Thu, 11 Oct 2007 17:46:20 +0000

I wonder why my comments are still avaiting moderation. Did I say anything offensive or what?

By: draak

draak — Thu, 11 Oct 2007 09:05:53 +0000

Guys, this might not be the right place for ideas, but as you are fixing insecurities, how about preventing them.

Synopsis:
preventing insecure logins if https is not available

Solution:
javascript based md5
http://pajhome.org.uk/crypt/md5/auth.html

By: Matt

Matt — Thu, 11 Oct 2007 05:59:36 +0000

I agree Robert, the sooner security related issues are resolved the better.

Keep up the great work!

By: Angelo

Angelo — Wed, 10 Oct 2007 22:32:43 +0000

Crap! I just updated everything from 1.08 to 1.1.3.1. Guess here goes another round of updates.

Any idea if we’ll ever see a way to “share” a codebase so that when I have to update 8-10 CMS installs, I only have to do it once?

Great product… still. And I’ve been a user since the “early” days (Remember, Ted, me and you working to get it working on IIS like 3 years ago?)

By: Robert Campbell

Robert Campbell — Wed, 10 Oct 2007 22:18:41 +0000

Patrick: When somebody finds a security issue would you rather us wait for the next quarter to fix it? Probably not. We jump as fast as possible on security issues, and sometimes we jump too fast and little problems sneak in.

With the upgrade process being as easy as it is (especially if you keep up on the upgrades), I think it’s a better thing to release often, than release rarely.

By: David

David — Tue, 09 Oct 2007 20:02:21 +0000

I Think it is a good thing to fix bugs as soon as possible. The longer you wait, the more time you give potential abusers time to compromise the security of your website and your webserver. Good job and great project!

By: Patrick

Patrick — Tue, 09 Oct 2007 19:26:15 +0000

I love your project too.
But I really think you should stick to a maximum of 4 updates a year, whatever happens !

By: Yury V. Zaytsev

Yury V. Zaytsev — Tue, 09 Oct 2007 16:49:53 +0000

Sorry, /hate/have to/s.

By: Yury V. Zaytsev

Yury V. Zaytsev — Tue, 09 Oct 2007 16:48:54 +0000

Well, as far as I can remember, it was the same thing with all the past 3 releases. I think that you do not need to rush the releases out, so you can hang out for a minute, take a deep breath and make sure you won’t hate roll out an 1.x.x.1 in a few minutes.