Please disregard the 'View article...' shown at the bottom of many posts as this is the result of restoring old forum posts from a backup.

v2.4.0patch2 released to fix security vulnerabilities and add optional page redirection support

edited November 2016 in Announcements

This patch fixes several issues in the v2.4.0 and v2.4.0patch1 releases and continues to address some security vulnerabilities found in all previous versions of Exponent CMS v2.x. It also adds new optional Page Redirection support. This can be activated by updating the 'Configure Website', Error Messages tab and turning on 'Handle Page Not Found Redirection?'. Page Redirection is then found under the Manage All Pages views. We strongly encourage all Exponent installations be upgraded to v2.4.0 with this patch as soon as practical! Patch #1 to v2.4.0 is found at

v240patch2 adds these features to v240 previous releases:

  • initial implementation of optional page redirection support; must be turned on in site configuration Error Messages, then managed by manage all pages

v240patch2 fixes these issues in v240 previous releases:

  • prevent logged in users from viewing other user records and admins from super-admin records; thanks to pang0lin
  • fix sql injection issue in notfound controller; reported by pang0lin
  • fix db indexes removed during 'remove db unneeded columns' command
  • (regression) fix text accordion view (non-bs/bs3), may have never worked correctly

v240patch2 updates no 3rd party libraries in v240 previous releases:

Sign In or Register to comment.