Announcing CMS Made Simple 1.2.5
May 12, 2008 by Ted Kulp
Sorry folks. We got word a little bit ago about a security issue, so we pushed out a quick fix to make sure that people can't take advantage of it. Please update as soon as you can.
Thanks!
Version 1.2.5 "Free Hill" -- May 12, 2008
-----------------
- Fixed a security issue with the java applet functionality in the File Manager
© Copyright 2008 by CMSMS™ and the posts author(s). All rights reserved.
18 Responses to "Announcing CMS Made Simple 1.2.5"
On: May 13, 2008, Russ said:
Mmmm, did the diff (from 1.2.4), not much apart from some stuff in Module File Manager, When I try to use FileManger in admin I now get:
"Fatal error: Call to a member function GetFriendlyName() on a non-object in /Library/WebServer/Documents/cmstest/admin/moduleinterface.php on line 120"
I don't know this module well, but 'postlet/javaUpload.php' has the words empty in it??
Russ
On: May 13, 2008, Russ said:
Re:
“Fatal error: Call to a member function GetFriendlyName() on a non-object in /Library/WebServer/Documents/cmstest/admin/moduleinterface.php on line 120″
Error adter upgrade with diff from 1.2.4 to 1.2.5
File Manger problem solved by copying across the the whole File Manager folder from the full download and then un-installing and re-installing? Not sure why you had to do this though.
http://cmsmadesimple.org
On: May 13, 2008, Ted Kulp said:
All we did is wipe out a file that we don't use. It was part of the java applet's original download and shouldn't have been left in. We wanted the file to get overwritten with unusable code.
http://www.sierix.nl
On: May 14, 2008, Marijn said:
The version.php isn't changed to 1.2.5.
http://www.sierix.nl
On: May 14, 2008, Marijn said:
Sorry my fault, downloaded the wrong one :P :(
http://sjrmc.org
On: May 15, 2008, jeremyBass said:
So is there any plan to make these needed updates easy to do... It's time consuming to have to put the install folder, or rename it on the server... get the files and up load them... but back up everything first...
It'd be way simple to have the upgrade php in the diff file... so it'd be 1.) Back up and then 2.) Upload diff files and 3.) Click the button that would appear on the admin home page and boom... let it run and then you’re done... or something like that... just a thought :)
http://cmsmadesimple.org
On: May 15, 2008, Ted Kulp said:
@JeremyBass: When it's only a code change, there is no need to run the ugprade script. That's why we don't include it. Diff files are just made to copy over the old files and that's it. The upgrade script only comes into play with database changes, and they're far and few between.
http://www.egamingsupply.com/
On: May 15, 2008, Justice McCay said:
Wow, great update.
Thank you for keeping this software so up-to-date, feature-rich, and of course open source. :)
I will be donating soon to CMSMS, and hopefully will be able to do so every month after my first donation to help this project. You do so much work, I really commend you.
I do have one question though. How do I go about upgrading to version 1.2.5? I'm using 1.2.4, and don't want to lose any custom templates or pages..nothing will be lost right?
How do I upgrade? :\
http://cmsmadesimple.org
On: May 15, 2008, Ted Kulp said:
Justice: Get the diff download. It only has a few changed files in it. Just copy over the old files with the new versions in the diff and you're set.
On: May 16, 2008, ella said:
Thanks for the update!!
http://sjrmc.org
On: May 16, 2008, jeremyBass said:
Ted Kulp: I got ya... thanks for the heads up... :)
http://www.webdistortion.com
On: May 17, 2008, Paul Anthony said:
Cheers guys, a friend at work pointed me to this one.
On: May 24, 2008, john said:
so would be ok to delete the javaUpload file then?
On: May 25, 2008, Bob said:
Hey, about a security audit by a 3rd party? They most likely would have found the last 3 problems and helped prevent dozens or even hundreds of CMSms sites from being hacked.
http://www.gdssecurity.com/c/3.php
Hopefully this is something you'll do before 2.0 is rolled out, but from the looks of it, 1.x could really use it.
On: May 25, 2008, Kevin said:
Keep up the great work!
http://www.planetcy.com
On: May 28, 2008, Cyrus said:
Uh huh yep another nice easy update!! :) Good work!
http://www.konweb.dk
On: Jun 1, 2008, Robert Petersen said:
Ted Kulp is my Hero :-)
http://bgcofslc.org/
On: Jun 6, 2008, mani said:
My home page and admin show blank..please help
