Concrete CMS 5.6.3.1
3 April 2014
Concrete CMS version 5.6.3.1 is now available (security release).
Upgrading to Concrete CMS 5.6.3.1
Concrete CMS 5.6.3.1 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Concrete CMS updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Concrete CMS install to test the 5.6.3.1 upgrade prior to applying it live. Get started managing your Concrete CMS installations with Installatron
What's New in Concrete CMS 5.6.3.1
Security Fixes
- Removed incorrect permission checks on file replace that would only check whether user had access to add files (and not replace the particular file.) (thanks Mnkras)
- Removed potential email buffer overflow bug in MySQL.
- Don't show that a page is pending approval unless they can view the toolbar (thanks Mnkras)
- Removed potential display of broken SQL query when passing arrays as tags to be viewed (note: no SQL injection potential.)
- Removed XSS vulnerability in Open Flash Chart third party library by removing library.
- Removed XSS vulnerability in SecurImage helper files by removing unneeded helper HTML files in third party library
Features
- Better mobile support for dashboard (thanks hissy!)
- Improved performance when running concrete5 on a site that uses multiple languages (thanks mlocati.)
Bug Fixes
- Fixed Empty Trash removes content NOT in Trash (thanks mlocati)!
- Fixed Can't move an alias – it moves original page (thanks mlocati!)
- Fixed http://www.concrete5.org/developers/bugs/5-6-3/unable-to-download-multiple-files-under-some-circumstances/ (Thanks mlocati)!
- Fixed inability to save date picker date in some circumstances (thanks Remo.)
- Fixed inability to upload multiple files in file manager (thanks mlocati!)
- Fixed open_basedir warning error when logging in if open_basedir protection is enabled (thanks NKay)
- Fixed Rich Text Editor "Simple" mode not translated (thanks Remo).
- Fallback to GD library if processing with Imagick fails (thanks mlocati).
- fixed errors that displayed when opening an image that didn’t exist on systems with the Imagick extension installed (thanks mlocati)!
- Fix toolbar not showing on aliased pages when logged in (thanks francz)
- Fixed http://www.concrete5.org/developers/bugs/5-6-3/apostrophe-problem-in-page-controls/ (thanks mlocati)
- Fixed Google Maps block offset when using coordinates (thanks mlocati)