Announcing CMS Made Simple 1.2.5
May 12th, 2008 by Ted KulpSorry folks. We got word a little bit ago about a security issue, so we pushed out a quick fix to make sure that people can’t take advantage of it. Please update as soon as you can.
Thanks!
Version 1.2.5 “Free Hill” — May 12, 2008
—————–
- Fixed a security issue with the java applet functionality in the File Manager
May 13th, 2008 at 2:51 am
Mmmm, did the diff (from 1.2.4), not much apart from some stuff in Module File Manager, When I try to use FileManger in admin I now get:
“Fatal error: Call to a member function GetFriendlyName() on a non-object in /Library/WebServer/Documents/cmstest/admin/moduleinterface.php on line 120″
I don’t know this module well, but ‘postlet/javaUpload.php’ has the words empty in it??
Russ
May 13th, 2008 at 3:01 am
Re:
“Fatal error: Call to a member function GetFriendlyName() on a non-object in /Library/WebServer/Documents/cmstest/admin/moduleinterface.php on line 120″
Error adter upgrade with diff from 1.2.4 to 1.2.5
File Manger problem solved by copying across the the whole File Manager folder from the full download and then un-installing and re-installing? Not sure why you had to do this though.
May 13th, 2008 at 3:51 am
All we did is wipe out a file that we don’t use. It was part of the java applet’s original download and shouldn’t have been left in. We wanted the file to get overwritten with unusable code.
May 14th, 2008 at 1:29 am
The version.php isn’t changed to 1.2.5.
May 14th, 2008 at 1:31 am
Sorry my fault, downloaded the wrong one
May 15th, 2008 at 10:05 am
So is there any plan to make these needed updates easy to do… It’s time consuming to have to put the install folder, or rename it on the server… get the files and up load them… but back up everything first…
It’d be way simple to have the upgrade php in the diff file… so it’d be 1.) Back up and then 2.) Upload diff files and 3.) Click the button that would appear on the admin home page and boom… let it run and then you’re done… or something like that… just a thought
May 15th, 2008 at 10:24 am
@JeremyBass: When it’s only a code change, there is no need to run the ugprade script. That’s why we don’t include it. Diff files are just made to copy over the old files and that’s it. The upgrade script only comes into play with database changes, and they’re far and few between.
May 15th, 2008 at 3:44 pm
Wow, great update.
Thank you for keeping this software so up-to-date, feature-rich, and of course open source.
I will be donating soon to CMSMS, and hopefully will be able to do so every month after my first donation to help this project. You do so much work, I really commend you.
I do have one question though. How do I go about upgrading to version 1.2.5? I’m using 1.2.4, and don’t want to lose any custom templates or pages..nothing will be lost right?
How do I upgrade? :\
May 15th, 2008 at 3:58 pm
Justice: Get the diff download. It only has a few changed files in it. Just copy over the old files with the new versions in the diff and you’re set.
May 16th, 2008 at 9:58 am
Thanks for the update!!
May 16th, 2008 at 1:55 pm
Ted Kulp: I got ya… thanks for the heads up…
May 17th, 2008 at 11:59 am
Cheers guys, a friend at work pointed me to this one.
May 24th, 2008 at 10:34 am
so would be ok to delete the javaUpload file then?
May 25th, 2008 at 10:13 am
Hey, about a security audit by a 3rd party? They most likely would have found the last 3 problems and helped prevent dozens or even hundreds of CMSms sites from being hacked.
http://www.gdssecurity.com/c/3.php
Hopefully this is something you’ll do before 2.0 is rolled out, but from the looks of it, 1.x could really use it.
May 25th, 2008 at 3:54 pm
Keep up the great work!
May 28th, 2008 at 12:45 pm
Uh huh yep another nice easy update!!
Good work!
June 1st, 2008 at 11:26 pm
Ted Kulp is my Hero
June 6th, 2008 at 9:20 am
My home page and admin show blank..please help