CMS Made Simple 2.2.15
1 November 2020
CMS Made Simple version 2.2.15 is now available (security release).
Upgrading to CMS Made Simple 2.2.15
CMS Made Simple 2.2.15 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply CMS Made Simple updates as new versions are released, or use Installatron's Clone feature to duplicate an existing CMS Made Simple install to test the 2.2.15 upgrade prior to applying it live. Get started managing your CMS Made Simple installations with Installatron
What's New in CMS Made Simple 2.2.15
Core - General
- Admin shortcuts popup refers to IRC.
- showbase parameter of metadata tag doesn't accept boolean value.
- No date displayed in the admin + category id not incremented.
- Removing actual Destination Page breaks Destination Page dropdown in Internal Page Link pages.
- log_performance_info - undefined variable: queries.
- 5 Stored XSS vulnerabilities in Settings - Content Manager.
- XSS on Settings News Module.
- Several XSS vulnerabilities.
- User pref admin homepage not properly displayed under certain conditions.
- GetContentBlockFieldInput $adding always false.
- Allow http/2 responses.
- Filepicker dropzone size issue.
- More user friendly admin session handling (partly implemented).
- Swap tabs on System Maintenance page.
- Browsing to the main admin page in a new browser tab during a running session won't redirect to login form anymore.
- (Error) messages in OneEleven won't dismiss on click.
- Fix to Admin redirection after login on Windows platform.
- Fix to the module API redirection to support arrays in parameters.
FileManager v1.6.12
- Dropzone improvement like core FilePicker.
FilePicker v1.0.5
- FilePicker will not show svg images, when in the Content Manager.
- Stored XSS vulnerability in File Picker.
News v2.51.11
- Minor code fix to encoding title content.
- Stored Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.
- Several XSS vulnerabilities.
Design Manager v1.1.9
- Minor fixes for PHP warnings\notices;
Module Manager v2.1.8
- Reflected Cross site scripting
- Stored Cross-Site Scripting. Minor, because it can only be performed by a person that has access rights to the Admin panel.
- Increased the Download Chunk Size field size to 4.
MicroTiny v2.2.5
- Escaping translation strings in tinymce_config.js.
Search v1.52
- Include module and modulerecord fields for content pages.
Phar Installer v1.3.13
- Fixes to the reload button: now prevents browser's caching
- fixed: Phar installer doesn't work with OPCache enabled