Patch #2 Released for V2.4.1
This patch fixes several issues in the v2.4.1 release especially a security vulnerability and some issues with file uploads. We strongly encourage all Exponent installations be upgraded to v2.4.1 with this patch as soon as practical! Patch #2 to v2.4.1 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.4.1-patch-2.zip/download
v241patch2 adds these features to v241:
- update dynamic SEO page titles to reduce length
v241patch2 fixes these issues in v241:
- regression fix (v240) unable to update cart item quantities
- regression fix (v241) several elFinder upload/paste issues
- regression fix wildcard module name for action_maps.php (probably never worked correctly)
- security fix exploits using source_selector.php, reported by Belladona-c0re and croxy CVE-2017-6364
- regression fix some 500 errors when permissions or logged in checks fail
v241patch2 updates these 3rd party libraries in v241:
- bootstrap datetimepicker to v4.17.47
- easypost library to v3.3.3
- plupload to v2.3.1
- TinyMCE to v4.5.4
- elFinder to v2.1.22 to fix upload/mimetype (security) issues
- Sortable jquery plugin to v1.5.1
- less.php less compiler to v1.17.0.13 to bring less.js support from 1.7.0 to 2.5.3
- mediaelement.js to v3.2.3, includes plugins v1.2.2