Please disregard the 'View article...' shown at the bottom of many posts as this is the result of restoring old forum posts from a backup.

v2.4.1patch1 released to fix several issues including a security vulnerability and email failure

edited March 2017 in Announcements

This patch fixes several issues in the v2.4.1 release especially mailing failures and a security vulnerability in the elFinder file manager.. We strongly encourage all Exponent installations be upgraded to v2.4.1 with this patch as soon as practical! Patch #1 to v2.4.1 is found at

v241patch1 adds no features to v241:

v241patch1 fixes these issues in v241:

  • fix fatal crash when sending emails
  • Unrestricted File Deletion / Upload Vulnerability in elFinder, reported by mm

v241patch1 updates these 3rd party libraries in v241:

  • update tinymce to v4.5.2
  • update ckeditor to v4.6.2
  • update elFinder to v2.1.20
  • update mediaelement.js to v2.23.5


  • I'm having trouble getting this to install. I went to Admin -> Super Admin Tools -> Extensions -> Install Extension -> Upload Extension. Then I selected the zip file to upload, checked the box to patch Exponent and clicked the Upload Extension button. Chrome says its 100% uploaded and then I get this.

    photo exp241_p1error_zpsmjd3az8ypng
  • Did you check the 'Install as Patch' box before doing this? The 'install as patch' option installs the files into the root folder, leaving it unchecked installs them into the theme as a 'custom' module. My assumption is you've extracted the files into your theme.
  • Yes, I checked the 'Install as Patch' box. 
  • Well I got the patch to install. I used my SSH connection to my server. I navigated into the root web directory, then used wget to download the zip file. Then I used the unzip command to extract it. Finally I logged into the site and was prompted to update the database. I did and now the site shows its updated. 
Sign In or Register to comment.