v2.3.9patch1 released to fix several security issues

This patch fixes several issues in the v2.3.9 release. It also provides several tweaks and new features including a 'fill screen' feature for the elFinder file manager, though the main focus is providing several security fixes. Patch #1 to v2.3.9 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.9-patch-1.zip/download

v239patch1 adds these features to v239:
- update rss/podcast feeds to include language and remove 'generator' comment since we include that element tag

v239patch1 fixes these issues in v239:
- security fix (v2.3.0+) to prevent uploading files to wrong location, thanks to Balisong
- security fix to prevent possible SQL injections, thanks to Manuel Garcia Cardenas and PKAV TEAM
- fix filedownload Facebook meta tags to include link to audio/video reference if it is 1st attached file
- fix events reminder email embedded links and update styles including using bootstrap2/3 if using that theme framework
- fix possible Facebook meta issues; sending wrong 'type'
- fix bootstrap3 calendar views to not display date selector in printer friendly view
- regression fix (v2.3.9) .htaccess is too restrictive for uploaded media files

v239patch1 updates these 3rd party libraries in v239:
- TinyMCE to v4.4.3
- CKEditor to v4.5.11
- bootstrap-dialog to v1.35.3
- elFinder to v2.1.15
- mediaelement.js to v2.23.0
- bootstrap duallistbox to v3.0.6
- bootstrap datetimepicker to v4.17.42
- moment.js to v2.15.0 (needed by bootstrap datetimepicker)
- yadcf to v0.9.0
