"Fossies" - the Fresh Open Source Software Archive

Member "impresscms-1.4.2/docs/changelog.txt" (24 Dec 2020, 5658 Bytes) of package /linux/www/impresscms-1.4.2.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. For more information about "changelog.txt" see the Fossies "Dox" file reference documentation and the latest Fossies "Diffs" side-by-side code changes reports: 1.4.2_rc_vs_1.4.2 or 1.4.1_vs_1.4.2.

    1 # ImpressCMS ChangeLog
    2 
    3 ## ImpressCMS 1.4.2
    4 Date: 24 Dec 2020
    5 DB Version: 45
    6 Build Version: 100
    7 
    8 This release fixes several bugs that were found during the HackerOne initial penetration test run on the 1.4.1 release. Some improvements and bugfixes are present as well.
    9 
   10 ### Fixes
   11  - 574 Test 1.4 on PHP 7.4 PHP7 (fiammybe)
   12  - 692 Include new version of profile PHP7 (fiammybe)
   13  - 845 PHP 7.4 : access array offset on value of type null in include/functions.php 1037 php 7.4 (fiammybe)
   14  - 852 anti-clickjacking security vulnerability (report #1055589 by jrckmcsb on HackerOne) (fiammybe)
   15  - 825 Improve path sanitizing bug security vulnerability (MekDrop)
   16  - 814 Better sanitize database queries in installer bug  (report #983710 by solov9ev on HackerOne) (fiammybe)
   17  - 637 Notice on admin pages in PHP 7.4 duplicate php 7.4 (fiammybe)
   18  - 843 Fix the amount of cookies (fiammybe)
   19  - 805 Missing templates in system module (skenow)
   20  - 838 Remove whitesource config (Mekdrop)
   21  - 834 + 836 Limit maximum length of password  (report #1033373	by f1v3 on HackerOne) (fiammybe)
   22  - 821 Fixed possible file system exposing due language cookie on installer (MekDrop)
   23  - 812 Prevents using submitted filenames with ../ for controller (report #1035311 by siva12 on HackerOne) (MekDrop)
   24  - 815 Better sanitize database queries in installer (report #983710 by solov9ev on HackerOne) (fiammybe)
   25  - 811 Remove phpopenid example folder bug (report #1042838 by hackerone_success on HackerOne) (fiammybe)
   26  - 810 more strict comparison of variables  (report #1036883 by hodorsec on HackerOne) (fiammybe)
   27  - 806 Include the missing templates for the image manager (skenow)
   28  - 603 Issue with image inclusion on TinyMCE (fiammybe)
   29 
   30 ### Improvements
   31  - 636 errors in form fields on admin account creation page of the installer (fiammybe)
   32  - 848 Cleanup deprecated functions in functions.php (fiammybe)
   33  - 694 remove the icms_banner reference. No longer present (fiammybe)
   34 
   35 ## ImpressCMS 1.4.1
   36 Date: 07 Jul 2020
   37 DB Version: 45
   38 Build Version: 98
   39 
   40 This release fixes several bugs that were present in the 1.4.0 release, some of them with security impact.
   41 
   42 ### Fixes
   43  - Stored XSS on ImpressCMS 1.4.0 ( #659 ) @Mekdrop
   44  - Existence of banners folder results in errors ( #600 ) @fiammybe
   45  - module admin menu is not shown in 1.4 ( #604 ) @skenow
   46  - ImageManager : admin can no longer preview images ( #590 ) @skenow
   47  - Fatal error during installation at page_tablescreate.php ( #576 ) @skenow
   48  - Test 1.4 on PHP 7.3 ( #573 ) @fiammybe
   49  - Login in Chrome points to blank page ( #100 ) @fiammybe
   50 
   51 ## ImpressCMS 1.4.0
   52 Date: 19 Dec 2019
   53 DB Version: 45
   54 Build Version: 96
   55 
   56 ### Improvements
   57 - curl extension in installer now is requirement not optional (#530) @MekDrop
   58 - PHP7 improvements based on mamba7x PR (#507) @fiammybe
   59 - make expiration header dynamic in the past (#504) @fiammybe
   60 - check mysql using PDO now (#487) @fiammybe
   61 - Add a warning when PHP used is below 7.2
   62 
   63 ### Fixes
   64 - Move prototype inclusion so trust_path creation works fixes #569 (#571) @skenow
   65 - Fixed PathStuffController's constructor (#528) @MekDrop
   66 - Fixed suppressed warning if variable $options['folderName'] is undefined or empty when creating theme (1.4.x) (#510) @MekDrop
   67 - Fixed function signatures in icms_image_Handler (1.4) (#512) @MekDrop
   68 - Fixed installer collation selection (#529) @MekDrop
   69 - Fix the template handling in the system module (#503) @fiammybe
   70 - Add a warning when PHP used is below 7.2
   71 
   72 ### Update
   73 - Protector update for PDO SQL sanitizing Close #496 (#497) @skenow
   74 - Update Protector for PHP7 (#492) @skenow
   75 - Update php requirements to 5.6 (#505) @fiammybe
   76 - Update of Smarty to 2.6.31 (the latest 2.x release)
   77 - Update of CSS-tidy to work in PHP7
   78 - PHPMailer update to 5.2.7
   79 - PHPOpenID updated for better PHP7 compatibility
   80 
   81 ### Removed
   82 - Removed installation_notify (#566) @MekDrop
   83 - Remove admin template folder in system module on upgrade (#509) @fiammybe
   84 
   85 
   86 ## ImpressCMS 1.3.11
   87 Date: 08 dec 2018
   88 DB Version: 44
   89 Build Version: 91
   90 
   91 ### Security
   92 Fix XSS vulnerabilities in installer (as found by Omar Kurt, security researcher at Netsparker (https://www.netsparker.com)
   93 
   94 ### Improvements
   95 109 - Add extra metadata types property and itemprop
   96 121 - System module now shows the correct version number after install
   97 316 - Add extra languages in installer and core
   98 
   99 ### Fixes
  100 102 - pagination in the backend generates wrong URLs
  101 116 - Update the links to our website
  102 119 - Update system requirements in installer
  103 117 - update links to translations in installer
  104 
  105 ### Update
  106 296 - Update HTMLPurifier to 4.10
  107 297 - Update GeSHI to 1.0.8.13
  108 299 - Update jQuery to 3.3.1
  109 125 - Upgrade PHPMailer to 5.2.26
  110 
  111 ## ImpressCMS 1.3.10
  112 Date: 30 december 2016
  113 DB Version: 43
  114 Build Version: 82
  115 
  116 ### Fixes
  117 913 - Comment preview loses text of comment
  118 930 - correct the link to the adsense wiki pages
  119 925 - Illegal string offset 'options' core/datafilter in PHP 5.6
  120 919 - System imagemanager clone UI-side feature redirects to invalid URL
  121 922 - Templates for Adsenses ACP cannot be overridden
  122 
  123 ### Security
  124 927 - SSRF vulnerability in image manager
  125 931 - Vulnerability in PHPMailer 5.2.18
  126 
  127 ## ImpressCMS 1.3.9
  128 Date: 2 March 2016
  129 DB Version: 43
  130 Build Version: 80
  131 
  132 ### Improved:
  133 809 : Move minimal PHP version to PHP 5.5
  134 884 : PHP 5.4 Strict errors
  135 751 : Migrating to Universal Google Analytics
  136 868 : Duplicate entry in HTMLValidator class
  137 
  138 ### Fixed:
  139 898 : Database patch message for Formulise module always remains
  140 889 : Missing definition for for Non-PDO users
  141 881 : Check all button in Group administration does not work consistently
  142 
  143 ### Update:
  144 877 : Update HTMLPurifier to v4.7.0
  145 807 : Upgrade PHPMailer