v2.3.8patch3 released to fix two security vulnerabilities, with additional fixes and new features

edited June 2016 in Announcements
The third patch to the v2.3.8 release is available, primarily to fix two security vulnerabilities. v2.3.8 patch #3 can be applied to any site already running v2.3.8, v2.3.8patch1 or v2.3.8patch2. It should be noted that the new 'Update permissions' upgrade scripts will help lock down the site by updating ALL file and folder permissions except for the 'cgi-bin' folder, including turning off the 'execute' bit. We recommend that any site running v2.3.0 or later update to v2.3.8 and then install this patch. INSTALL AS AN EXTENSION PATCH: https://sourceforge.net/projects/exponentcms/files/exponent-2.3.8-patch-3.zip/download

v238patch3 adds these features to v238, v238patch1 and v238patch2:
- add remove empty tags upgrade script
- elFinder adds small device/display support
- adds error catching to text module inline edit view if user is logged out at server (and live edit view still visible)
- update database manager to use a much enhanced table search filter

v238patch3 fixes these issues in v238, v238patch1 and v238patch2:
- fix security issue with database manager: Security Advisory XS3C-2016-05-20 reported by Julian Held
- fix security issue with pixidou editor: Security Advisory XS3C-2016-05-19 reported by Julian Held
- regression fix (238p2) visual cue (border) when hovering over editable text in ONLY text module inline edit view
- regression fix (238p2) module configuration settings view broken on non-bs3 themes due to attached files view selection code problem
- regression fix navigation manage by sitemap standalone pages link was invalid
- fix some issues with eaas; regression fix 'aboutus' request would always fail, adds quick module item count to 'aboutus' request, removes some unnecessary clauses from aggregate modules sql statement
- fix expTheme::runAction() to not spit out a 403 error for the 'current page' if issued an ajax request/action (kills some ajax requestors)

v238patch3 updates these 3rd party libraries in v238, v238patch1 and v238patch2:
- elFinder to v2.1.12
- owl carousel to v2.1.5