Lanius CMS v0.5.2 release update

Lanius CMS v0.5.2 release update

Users of Lanius CMS v0.5.2 r1041/r1050/r1094/r1126 should upgrade to v0.5.2 r1249 by using this revision patch; this patch can also be installed via the Install Patch feature, otherwise simply copy the extracted files over the destination Lanius CMS installation (note: this patch is not necessary for the currently released v0.5.2).

Bugfixes

This is a list of almost all changes between Lanius CMS v0.5.2 r1094 and Lanius CMS v0.5.2 r1249.

• fixed error when installing templates
• fixed XHTML encoding issue in com_frontpage paging
• fixed issue 0000113 double escaping when editing forum topics
• fixed issue 0000700 crash when deleting remote URL gallery image
• fixed minor bug in TarBackup class
• fixed issue 0000665 validation errors in "My inbox" page
• fixed issue 0000704 crash when updating/restoring database
• fixed issue 0000687 remote browse button not working
• fixed issue 0000693 length limit not enforced when editing forum section name
• fixed issue 0000692: "Mass-reassign access group" not working on Manage forum sections page
• fixed issue 0000686 crash when creating new user
• fixed issue 0000684 regarding remote images not displaying with thickbox
• fixed issue 0000657 gallery pictures not displaying with IE8
• improved Limbo CMS database import code

Lanius CMS v0.5.2 release update (critical security fix)

Lanius CMS v0.5.2 release update

Users of Lanius CMS v0.5.2 r1041/r1050/r1094 must upgrade to v0.5.2 r1126 by using this revision patch; this patch can also be installed via the Install Patch feature, otherwise simply copy the extracted files over the destination Lanius CMS installation (note: this patch is not necessary for the currently released v0.5.2).

Critical security bugfix

This patch addresses a critical security vulnerability in the upload feature of all Drake CMS >= v0.4.6 and Lanius CMS <= v0.5.2 r1050. You are strongly invited to apply the patch.

The bug allows an attacker to upload a custom script which could then be executed (on most environments). Lanius CMS v0.5.2 r1094 corrects the bug.

Many thanks to EgiX for discovering this bug and kindly reporting it to the Lanius CMS Team.

All users of previous versions of Lanius CMS are invited to upgrade in order to fix this security issue. The current Lanius CMS v0.5.2 installation package does not need to be patched.

Manual patch

If you want to apply a quick containment patch to v0.5.2 <= r1050 (revision 1050 and previous), edit includes/upload.php and modify line 66 this way:

    $thy_name = basename($_FILES[$elem]['name']);

Please apply the revision patch anyway as soon as possible.

Other fixes

• fixed bug in image selection using FCKEditor
• fixed bug about comments being searched even if not published
• fixed crash when accessing weblink category in frontend
• fixed crash when no categories are available in admin backend
• fixed XMLRPC enable/disable code
• less log lines for unauthorized forum profile views
• fixed crash when entering frontpage manager when there are archived items
• restored top toolbar in admin backend pages
• fixed missing editor drabots activation in backend content editor
• fixed hashcash headers generation
• editor drabots also actived for body text
• increased forum maximum wrapping limit

Lanius CMS v0.5.2 released

Lanius CMS v0.5.2 released

Lanius CMS v0.5.2 has been released; this is a major stabilization and feature upgrade of v0.5.1.

You are invited to migrate your previous Drake CMS and Lanius CMS installations to Lanius CMS v0.5.2.

This software product is considered stable and we encourage its usage in production websites.

Plans for Lanius CMS v0.6.0

The Lanius CMS Team is planning major changes for the next release; amongst all, a core release will be split from the current fullpack release. This will allow more packages and more software diversity on Lanius CMS.

Lanius CMS v0.5.2 is like its predecessors, a fully-featured release with limited install/uninstall features. The next release will have a clearer versioning number and full support for 3rd party development. Hold on!

Major differences

• new implementation of CAPTCHA (pluggable)
• anonymous comments through CAPTCHA
• password Quality Indicator now works with Firefox v3.x, Internet Explorer 7.x, Safari v3.2.x and Google Chrome v2.x
• SQL debugging option (to spot bottlenecks and similar)
• documentation integration for admin backend pages
• fixed issues with FCKEditor, which has also been upgraded
• many XHTML validation fixes in both frontend and backend
• major bug fixes and general improvements

A full changelog is available at this address:

http://bugs.laniuscms.org/changelog_page.php

You can use one of the available laniuscms_v0.5.2.{7z,tar.gz,zip} archives (same content in different archive formats).

See also Installation guide.

Backward compatibility

Lanius CMS v0.5.2 fully supports Drake CMS and its predecessors, up to Limbo CMS (only database backups supported). See Update guide#Migration.

Updating from Lanius CMS v0.5.1

See Update guide.

Subsites update

Please edit your subsites subsite/private/config.php file and add the following two lines:

$d_sqldebug="0";

$d_email_name="Webmaster";

Once done that, you should proceed to update the subsite database from the Subsites manager (see Subsites#Updating subsites for information about database update).

Online updates

You can install update patches, language packages (and more) for this version using Online Updates (Administrative Backend -> Packages -> Online Updates).

Lanius CMS v0.5.1 release update (security fix)

Lanius CMS v0.5.1 release update

Users of Lanius CMS v0.5.1 r694/r698/r710/r717/r725/r731/r742/r776/r843/r966 shall upgrade to v0.5.1 r983 by using this patch; this patch can also be installed via the Install Patch feature, otherwise simply copy the extracted files over the destination Lanius CMS installation (note: this patch is not necessary for the currently released v0.5.1).

Security bugfix

This patch addresses a minor security vulnerability in the CAPTCHA handling of all addons. Lanius CMS v0.5.0 and Lanius CMS v0.5.1 (<= 0.5.1 r843) are affected by this bug.

The bug allows an attacker to guess the CAPTCHA key without seeing the image, which could lead to huge spamming rates. Lanius CMS v0.5.1 r983 corrects the bug.

Many thanks to consc198 (C & C Advanced Online Services) for discovering this bug.

All users of previous versions of Lanius CMS are invited to upgrade in order to fix this security issue. The v0.5.1 installation package does not need to be patched.

Lanius CMS v0.5.1 released

Lanius CMS v0.5.1 released

Lanius CMS v0.5.1 has been released; this is a major stabilization and feature upgrade of v0.5.0.

You are invited to migrate your previous Drake CMS and Lanius CMS installations to Lanius CMS v0.5.1.

This software product is considered highly stable and we encourage its usage in production websites.

A full changelog is available at this address:

http://bugs.laniuscms.org/changelog_page.php

You can use one of the available laniuscms_v0.5.1.{7z,tar.gz,zip} archives (same content in different archive formats).

See also Installation guide.

Backward compatibility

Lanius CMS v0.5.1 fully supports Drake CMS and its predecessors, up to Limbo CMS (only database backups supported). See Update guide#Migration.

Updating from Lanius CMS v0.5.0

See Update guide.

Online updates

You can install update patches, language packages (and more) for this version using Online Updates (Administrative Backend -> Packages -> Online Updates).