CMS Made Simple 1.3.1 - Security Release
Jun 24, 2008 by Robert Campbell
After too long of a delay, due to vacations and time constraints, we've released CMS 1.3.1
This is a security release and we recommend everybody upgrade their sites to CMS 1.3.1 as soon as possible.
This release completely removes the postlet file upload stuff from the file manager. It is the postlet stuff that has been causing the problems in the latest releases, and we finally decided just to nuke it. Then, after waiting for a developer to get back from holiday, we had to discuss it, test it, merge it, test it again....
Yes, this release has taken too long to come out, and we apologize for that... we don't normally do this, and we didn't intend for this to happen.
This release should resolve all known security releases. It can be downloaded from here
© Copyright 2008 by CMSMS™ and the posts author(s). All rights reserved.
16 Responses to "CMS Made Simple 1.3.1 - Security Release"
On: Jun 25, 2008, CB said:
Would it not be wise to have the latest version of FileManager available in the Module Manager to fix this issue for people who have added custom code to their installs?
http://cmsmadesimple.org
On: Jun 25, 2008, Ted Kulp said:
I agree. I'll talk to Sil today about it.
http://www.ntegritydesign.com
On: Jun 25, 2008, Todd Reid said:
Guys,
I realize I'm just an end user, but I also used to do software testing for Quark, Inc. and Creo, Inc. Does this mean that the ability to upload multiple files at a time is gone? I realize that security issues are very important...I sure don't want my clients getting hacked. Yet, to take away features that were once there isn't good either. Is there some plan to reimplement this functionality at a later time, when it is coded in such a way as to make it safe to use?
Curious,
Todd Reid
http://cmsmadesimple.org
On: Jun 25, 2008, Ted Kulp said:
There was 2 methods to upload multiple files. One is the standard "multiple upload" boxes method. The 2nd (which you had to enable) was a java applet that had a little more FTP like interface.
We've removed the applet, which I feel isn't a major deal, because most people didn't even realize it existed as an option.
On: Jun 25, 2008, Scott Tyson said:
Given my site and my ISP's server got hacked due to this applet, I'm with Ted on this decision 100%. I take responsibility for not patching the site fast enough but security takes precedence over features every time, no exceptions.
http://www.ntegritydesign.com
On: Jun 25, 2008, Todd Reid said:
Guys,
Agreed...security has to take precedence...just sorry to see a feature that I used frequently, go away.
http://zaytsev.net
On: Jun 25, 2008, ZYV said:
Any other changes apart from this postlet stuff that I always remove manually anyways?
On: Jun 26, 2008, Leonard said:
Serious TinyMCE issue after upgrade from 1.2.5. After I reset the TineMCE options to default settings TinyMCE failed to show up. Does anyone know why this happens? Thanks in advance.
http://dzo.com.br
On: Jun 26, 2008, Aleph Ozuas said:
Todd, you still can upload multiple files. You just need to tgz your files and mark the checkbox "Try to unpack file after upload (only tgz and most zip-files)?"
http://www.sbkfcso.de
On: Jun 27, 2008, Markus said:
Any idea, why since the upgrade to 1.3.1 my {menu} tag doesn't work anymore? It does not output anything and even prevents rendering the full page.
When I use {cms_module module='menu' template='...'} yet the menu does not show up, but at least the rest of the page is being rendered.
Thanks in advance!
On: Jun 27, 2008, dhtml12345 said:
For uploading multiple files, how about using the YUI uploader like Flickr: http://www.webresourcesdepot.com/use-flickrs-image-uploader-on-your-website/
http://www.egamingsupply.com
On: Jun 28, 2008, Justice McCay said:
My MAIN man, keep up with the updates!!!
<3 EGS
On: Jun 30, 2008, jans said:
After install tinyMCE quits working±
Remedie: Just uninstall TinyMCE and reinstall using the modules list.
Cause: unknown, perhaps it has something to do with the file upload applet which is removed from v 1.3.1
http://tor.eff.org
On: Jul 7, 2008, FEATURE LIST PLEASE said:
could you please add a FEATURE LIST to your website - I just visited cmsms for the first time - and I am missing a comprehensive FEATURE LIST that gives me a good overview of what cmsms can do and - most important - what not. Thanks
http://www.billhine.org
On: Jul 7, 2008, Peter Schaefer said:
After switching to CMS 1.3.1 my client has been experiencing the following issues:
Firefox 2.0.0.15 crashes on content submission:
> Client modifies page content
> Cursor freezes after pressing the "submit" button
> after 15-20s FireFox shuts down
TinyMCE does not show up
> reloading the page fixes this issue
FileManager does not load/appear in the "Content" menu
Any help that would allow me to address these issues would be greatly appreciated. I am particularly concerned about Firefox crashing.
Thanks,
http://igs7.at
On: Jul 24, 2008, NashBridges said:
is it right that i don't need the update if i am NOT using the applet for uploads?
