Exponent's Latest News

Patch #1 Released for V2.3.9

September 13, 2016 Tags: patch, release, bugs

This patch fixes several issues in the v2.3.9 release. It also provides several tweaks and new features including a 'fill screen' feature for the elFinder file manager, though the main focus is providing several security fixes.  Patch #1 to v2.3.9 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.9-patch-1.zip/download (read more)

Updated Patches released for v2.1.4 and v2.2.3 Again

September 13, 2016 Tags: patch, release, bugs

Though they are both extremely old versions, they were the release before a major version change and are/may still be in use. Please bear in mind we strongly recommend your installations be updated to a much newer version which contains many more fixes and new features. Having said that, these patches (v2.1.4patch11 and v2.2.3patch14) fix security vulnerabilities reported by Manuel Garcia Cardenas and PKAV TEAM which could allow possible SQL injections. (read more)

Security Vulnerability - All Exponent Versions - September 2016

September 12, 2016 Tags: patch, security

There is a security vulnerability in Exponent 2.x found on September 12, 2016 and reported by Manuel Garcia Cardenas which could allow a possible SQL injection. Although the server and site setup to allow such an attack (in the real world) is very rare, it is none-the-less a vulnerability.  It has been present in all versions of Exponent (2.x). The fix is: (read more)

Version 2.3.9 Released

September 1, 2016 Tags: release, bugs

This version, code-named 'Sultry Summer' fixes many issues in the previous version(s) and adds several new features. There is a new dynamic drag-n-drop form designer for Twitter Bootstrap 3 based themes which greatly speeds up form design. It also provides much better support for small devices when using a Twitter Bootstrap 3 based theme. Other major include: (read more)

Security Vulnerability - All Exponent Versions - August 2016

August 28, 2016 Tags: patch, security

There is a security vulnerability in Exponent 2.x found on August 26, 2016 reported by Balisong which could allow uploaded scripts to be executed.  It has been present in all versions of Exponent (2.x). The fix is: (read more)

Updated Patches released for v2.1.4 and v2.2.3

August 28, 2016 Tags: patch, release, bugs

Though they are both extremely old versions, they were the release before a major version change and are/may still be in use. Please bear in mind we strongly recommend your installations be updated to a much newer version which contains many more fixes and new features. Having said that, these patches (v2.1.4patch9 and v2.2.3patch12) fix a security vulnerability reported by Balisong which might allow uploaded scripts to be executed. (read more)

Patch #6 Released for V2.3.8

June 24, 2016 Tags: patch, release, bugs

This patch is released to address a fix for the traditional file manager file uploaded which has been broken on Bootstrap based themes. It also addresses some specific issues in the v2.3.8, v2.3.8 Patch #1, v2.3.8patch #2, v2.3.8 Patch #3, v2.3.8 Patch #4, and v2.3.8 Patch #5 releases. (read more)

Patch #5 Released for V2.3.8

June 17, 2016 Tags: patch, release, bugs

Hot on the heals of its predecessor, this patch fixes some specific issues in the v2.3.8, v2.3.8 Patch #1, v2.3.8patch #2, v2.3.8 Patch #3, and v2.3.8 Patch #4 releases. Specifically: (read more)

Exponent web sites become more mobile friendly

June 16, 2016

Though you may not have immediately noticed a difference, both the main Exponent CMS site (this site) and the Exponent CMS Documentation web site have an updated look which is based on Twitter Bootstrap (3). While we've attempted to keep the basic look and feel for both sites, they will now be much more small device friendly.  Please be patient as we tweak a few things, especially in regards to how menus/navbars operate, etc... (read more)

Patch #4 Released for V2.3.8

June 14, 2016 Tags: patch, release, bugs

This patch fixes some issues in the v2.3.8, v2.3.8 Patch #1, v2.3.8patch #2, and v2.3.8 Patch #3 releases, especially with 'minification'. It also provides several tweaks and new features. In particular this release adds a new dynamic/drag-n-drop form designer to Bootstrap 3 themes. Patch #4 to v2.3.8 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.8-patch-4.zip/download (read more)