Patch #2 Released for V2.4.1

Friday, March 3, 2017 Tags: patch, release, bugs

This patch fixes several issues in the v2.4.1 release, especially a security vulnerability and some issues with file uploads. We strongly encourage that all Exponent installations be upgraded to v2.4.1 with this patch as soon as practical! Patch #2 to v2.4.1 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.4.1-patch-2.zip/download

v241patch2 adds these features to v241:

  • update dynamic SEO page titles to reduce length

v241patch2 fixes these issues in v241:

  • regression fix (v240) unable to update cart item quantities
  • regression fix (v241) several elFinder upload/paste issues
  • regression fix wildcard module name for action_maps.php (probably never worked correctly)
  • security fix for exploits using source_selector.php (CVE-2017-6364), reported by Belladona-c0re and croxy
  • regression fix some 500 errors when permissions or logged in checks fail

v241patch2 updates these 3rd party libraries in v241:

  • bootstrap datetimepicker to v4.17.47
  • easypost library to v3.3.3
  • plupload to v2.3.1
  • TinyMCE to v4.5.4
  • elFinder to v2.1.22 to fix upload/mimetype (security) issues
  • Sortable jquery plugin to v1.5.1
  • less.php less compiler to v1.17.0.13 to bring less.js support from 1.7.0 to 2.5.3
  • mediaelement.js to v3.2.3, includes plugins v1.2.2