CMS Made Simple 1.3.1 - Security Release
June 24th, 2008 by Robert CampbellAfter too long of a delay, due to vacations and time constraints, we’ve released CMS 1.3.1
This is a security release and we recommend everybody upgrade their sites to CMS 1.3.1 as soon as possible.
This release completely removes the postlet file upload stuff from the file manager. It is the postlet stuff that has been causing the problems in the latest releases, and we finally decided just to nuke it. Then, after waiting for a developer to get back from holiday, we had to discuss it, test it, merge it, test it again….
Yes, this release has taken too long to come out, and we apologize for that… we don’t normally do this, and we didn’t intend for this to happen.
This release should resolve all known security releases. It can be downloaded from here
June 25th, 2008 at 1:27 am
Would it not be wise to have the latest version of FileManager available in the Module Manager to fix this issue for people who have added custom code to their installs?
June 25th, 2008 at 5:27 am
I agree. I’ll talk to Sil today about it.
June 25th, 2008 at 8:14 am
Guys,
I realize I’m just an end user, but I also used to do software testing for Quark, Inc. and Creo, Inc. Does this mean that the ability to upload multiple files at a time is gone? I realize that security issues are very important…I sure don’t want my clients getting hacked. Yet, to take away features that were once there isn’t good either. Is there some plan to reimplement this functionality at a later time, when it is coded in such a way as to make it safe to use?
Curious,
Todd Reid
June 25th, 2008 at 8:17 am
There was 2 methods to upload multiple files. One is the standard “multiple upload” boxes method. The 2nd (which you had to enable) was a java applet that had a little more FTP like interface.
We’ve removed the applet, which I feel isn’t a major deal, because most people didn’t even realize it existed as an option.
June 25th, 2008 at 10:01 am
Given my site and my ISP’s server got hacked due to this applet, I’m with Ted on this decision 100%. I take responsibility for not patching the site fast enough but security takes precedence over features every time, no exceptions.
June 25th, 2008 at 10:55 am
Guys,
Agreed…security has to take precedence…just sorry to see a feature that I used frequently, go away.
June 25th, 2008 at 3:28 pm
Any other changes apart from this postlet stuff that I always remove manually anyways?
June 26th, 2008 at 3:01 pm
Serious TinyMCE issue after upgrade from 1.2.5. After I reset the TineMCE options to default settings TinyMCE failed to show up. Does anyone know why this happens? Thanks in advance.
June 26th, 2008 at 7:12 pm
Todd, you still can upload multiple files. You just need to tgz your files and mark the checkbox “Try to unpack file after upload (only tgz and most zip-files)?”
June 27th, 2008 at 5:33 am
Any idea, why since the upgrade to 1.3.1 my {menu} tag doesn’t work anymore? It does not output anything and even prevents rendering the full page.
When I use {cms_module module=’menu’ template=’…’} yet the menu does not show up, but at least the rest of the page is being rendered.
Thanks in advance!
June 27th, 2008 at 9:25 am
For uploading multiple files, how about using the YUI uploader like Flickr: http://www.webresourcesdepot.com/use-flickrs-image-uploader-on-your-website/
June 28th, 2008 at 8:09 pm
My MAIN man, keep up with the updates!!!
<3 EGS
June 30th, 2008 at 1:26 pm
After install tinyMCE quits working±
Remedie: Just uninstall TinyMCE and reinstall using the modules list.
Cause: unknown, perhaps it has something to do with the file upload applet which is removed from v 1.3.1
July 7th, 2008 at 12:35 pm
could you please add a FEATURE LIST to your website - I just visited cmsms for the first time - and I am missing a comprehensive FEATURE LIST that gives me a good overview of what cmsms can do and - most important - what not. Thanks
July 7th, 2008 at 8:13 pm
After switching to CMS 1.3.1 my client has been experiencing the following issues:
Firefox 2.0.0.15 crashes on content submission:
> Client modifies page content
> Cursor freezes after pressing the “submit” button
> after 15-20s FireFox shuts down
TinyMCE does not show up
> reloading the page fixes this issue
FileManager does not load/appear in the “Content” menu
Any help that would allow me to address these issues would be greatly appreciated. I am particularly concerned about Firefox crashing.
Thanks,
July 24th, 2008 at 5:00 am
is it right that i don’t need the update if i am NOT using the applet for uploads?