Server upgrade in progress

Server upgrade in progress

Some services (in particular single sign-on) may be broken during the upgrade process; please hold on!

Apologies for any issue caused by this server upgrade.

Online database conversion service

Online database conversion service

A new service is available to all Lanius CMS users: online database conversion facility.

Submit a database backup for conversion

This service allows conversion of any pre-0.6.x Drake CMS/Lanius CMS backup file; also, you can convert Limbo CMS backups using this facility.

Converted backup files will be sent to your email address, along with the conversion logs.

Note: Lanius CMS v0.6.0 has not yet been released, however you can start checking how your migration will work by testing Lanius CMS v0.6.0 and converting your current database to the new system

Update 03 March 2010: the service is now active, thanks to tashunka for telling us that it was not

Open testing of Lanius CMS v0.6.0

Open testing of Lanius CMS v0.6.0

The Lanius CMS Development Team and QA Team are implementing big changes in the current SVN trunk (version 0.6.0); these changes are mostly aimed at CMS modularization, e.g. separation of code, descriptive data, published files and database data.

Please join the efforts of our Testing Team coordinator consc198 and Support Team coordinator trex1512 in order to find all bugs which affect the development version.

Also, we would like to hear your feedback if you think something got wrong in v0.6.0 (the next version of Lanius CMS).

Thank you

Important notice

As already stated in the Development Area, DO NOT use any development version in production environments and DO NOT put important data on it. The database data created with a development version is not supported.

How to get the development version

1. download an SVN snapshot

2. use an svn client:

svn co https://laniuscms.svn.sourceforge.net/svnroot/laniuscms/core/trunk/ laniuscms_unstable_0.6.0

Testing areas

The Lanius CMS Development, Support and QA Teams are interested in gathering feedback about the following testing areas:

• import of database backups from previous Lanius CMS/Drake CMS/Limbo CMS versions;
• accessability and usability issues, e.g. if something that was previously working in your CMS usage scenario is not working anymore;
• new SQLite database driver, which has been improved and made more reliable;
• new Microsoft ® SQL Server ® driver, available for both versions 1.0 (sqlsrv10) and 1.1 (sqlsrvng);
• Native MIDAS/MSHTML editor;
• layout issues.

You can of course make any kind of test, as far as you use supported database backups.

Lanius CMS v0.5.2 release update (security fix)

Lanius CMS v0.5.2 release update (security fix)

Users of Lanius CMS v0.5.2 v0.5.2 r1041/r1050/r1094/r1126/r1249/r1277/r1475/r1660 must upgrade to v0.5.2 r1668 by using this revision patch; this patch can also be installed via the Install Patch feature, otherwise simply copy the extracted files over the destination Lanius CMS installation (note: this patch is not necessary for the currently released v0.5.2).

Medium risk vulnerability fixed

This patch addresses a medium risk vulnerability which affects all Drake CMS and all Lanius CMS previous to v0.5.2 r1668. You are strongly invited to apply the patch.

Vulnerability affects only installations where the wrapper drabot is enabled; an attacker can add wrapper syntax inside a content item which might not be recognized by the reviewer, thus be published directly. This is because a reviewer might not examine the XHTML source to spot such wrapper drabot inclusions, or even not know about how the wrapper drabot works.

Lanius CMS v0.5.2 r1668 fixes the vulnerability by removing the wrapper syntax when the content item is saved (if the user is not a manager/administrator).

All users of previous versions of Lanius CMS are invited to upgrade in order to fix this security issue. The current Lanius CMS v0.5.2 r1668 installation package does not need to be patched

Vulnerability containment

If you want to quickly contain the vulnerability disable the drabot wrapper; also all submitted content should be searched for previously added drabot wrapper syntax which malicious users could have added in submitted content items.

Updating from Lanius CMS v0.5.2 r1475

A bug (issue 776) affecting only this version will prevent you to install the patch through file upload. Please extract the revision patch contents into the Lanius CMS website or use the local/remote installation features.

Lanius CMS v0.5.2 release update

Lanius CMS v0.5.2 release update

Users of Lanius CMS v0.5.2 r1041/r1050/r1094/r1126/r1249/r1277/r1475 should upgrade to v0.5.2 r1660 by using this revision patch; this patch can also be installed via the Install Patch feature, otherwise simply copy the extracted files over the destination Lanius CMS installation (note: this patch is not necessary for the currently released v0.5.2).

Bugfixes

This is a list of all changes between Lanius CMS v0.5.2 r1475 and Lanius CMS v0.5.2 r1660.

• fixed error relateed to missing forum_profile.xml from English language.xml
• fixed crash on download item deletion
• updated htmLawed to v1.1.8.1
• fixed notices during installation
• fixed crash at any file upload (introduced in r1475)

Download

Downloads area