PivotX 2.3.9
3 March 2014
PivotX version 2.3.9 is now available (security release).
Upgrading to PivotX 2.3.9
You can upgrade to (or install) PivotX 2.3.9 using any of Installatron's products. Use Installatron's optional Automatic Update feature to apply PivotX updates automatically as new versions are released, or use Installatron's Clone feature to duplicate an existing PivotX install and test the 2.3.9 upgrade before applying it live.
What's New in PivotX 2.3.9
Security issues:
- A file upload vulnerability and various XSS issues on the admin pages. All of these issues require the attacker to have a PivotX account/user, which mitigates them, but on sites with multiple users you will want them patched.
Other bug fixes:
- For flatfile databases: Added excerpts to the output of getLatestPages so that page excerpts are displayed on the dashboard.
- For flatfile databases: 'read_entries' should not change the current entry (since read_entries is used for things other than creating subweblogs).
- Bug fix in session cookie domain - any subdomain named "wwwX" (where X is any character) resulted in an invalid domain for the cookie.
- Set UTF-8 for debug window (and also give it a title).