Patches Released for V2.3.1, V2.2.3, and V2.1.4
We've fixed a security issue in our current release and some of our older versions, and patches are now available to fix this specific issue:
* Fixes cross-site security issue
The v2.1.4 patch #3 download is found at https://github.com/exponentcms/exponent-cms/releases/download/v2.1.4patch3/exponent-2.1.4-patch-3.zip.
The v2.2.3 patch #6 download is found at https://github.com/exponentcms/exponent-cms/releases/download/v2.2.3patch6/exponent-2.2.3-patch-6.zip.
In addition to this fix, several other fixes are included in patch #1 to v2.3.1 found at https://github.com/exponentcms/exponent-cms/releases/download/v2.3.1patch1/exponent-2.3.1-patch-1a.zip.
v2.3.1patch1 fixes these issues in v2.3.1:
* !!! Fixes cross-site security issue
* Re-introduces old (0.9x) theme compatibility if OLD_THEME_COMPATIBLE constant is set in the theme config.php settings file
* Fixes issue where IE fixes would be applied since they were loaded before the stylesheets
* Fixes issue with possible mangled meta tags (due to bad user input)
* Fixes issue where message queue wasn't always displayed
* Fixes issue in a dropdown control where both 'blank item' and 'no items' would be listed
* Fixes shipping/billing calculator upgrade script to run on all upgrades
* Updates removal of some old libraries left in after upgrade from v2.3.0 to v2.3.1
* Adds comment to .htaccess file to help with issues running from subfolder
* Fixes bad refs for .htaccess error documents
* Fixes some issues saving bootstraptheme/bootstrap3theme theme configuration setting changes
* Fix display of showlogin view for bootstrap3
* Fixes bad closing tag on new 'message' smarty function
* Fixes issue where MOTD item allowed setting of 'any month' was not allowed
* Fixes expSession to deal with mangled $user session variable
* Fixes expUtil::browser() method to work w/ php v5.2.1
* Fix for possible database manager write error reporting 'Invalid CSRF token'
* More graceful exit from an upgrade if the database is down
* Fixes styling of DataTables Tabletools for non-bootstrap views
* Now allows sorting by 'is admin' for manage user view
* Fixes issue w/ CKEditor (only elFinder support fixed) where image size didn't appear in insert image dialog after file selection, now also transfers 'alt' from file manager
Comments
* Fixes cross-site security issue
The v2.1.4 patch #3 download is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.1.4-patch-3.zip/download.
The v2.2.3 patch #6 download is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.2.3-patch-6.zip/download.
In addition to this fix, several other fixes are included in patch #1 to v2.3.1 found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.1-patch-1a.zip/download.
v2.3.1patch1 fixes these issues in v2.3.1:
* !!! Fixes cross-site security issue
* Re-introduces old (0.9x) theme compatibility if OLD_THEME_COMPATIBLE constant is set in the theme config.php settings file
* Fixes issue where IE fixes would be applied since they were loaded before the stylesheets
* Fixes issue with possible mangled meta tags (due to bad user input)
* Fixes issue where message queue wasn't always displayed
* Fixes issue in a dropdown control where both 'blank item' and 'no items' would be listed
* Fixes shipping/billing calculator upgrade script to run on all upgrades
* Updates removal of some old libraries left in after upgrade from v2.3.0 to v2.3.1
* Adds comment to .htaccess file to help with issues running from subfolder
* Fixes bad refs for .htaccess error documents
* Fixes some issues saving bootstraptheme/bootstrap3theme theme configuration setting changes
* Fix display of showlogin view for bootstrap3
* Fixes bad closing tag on new 'message' smarty function
* Fixes issue where MOTD item allowed setting of 'any month' was not allowed
* Fixes expSession to deal with mangled $user session variable
* Fixes expUtil::browser() method to work w/ php v5.2.1
* Fix for possible database manager write error reporting 'Invalid CSRF token'
* More graceful exit from an upgrade if the database is down
* Fixes styling of DataTables Tabletools for non-bootstrap views
* Now allows sorting by 'is admin' for manage user view
* Fixes issue w/ CKEditor (only elFinder support fixed) where image size didn't appear in insert image dialog after file selection, now also transfers 'alt' from file manager