v2.3.6 pulled for critical error! Patch #1 Released for V2.3.7

Try a 'Fresh Fix' for 2016

Thursday, December 31, 2015 Tags: release, bugs

After a failed attempt to get something under the tree for Christmas, we now release v2.3.7 specifically to address the fatal flaws within the pulled v2.3.6 release. These include:

regression fix where all styles were stripped from rich text upon saving due to the recent security fix being too strong
regression fix where an admin could possibly edit a super-admin user profile
security fix where elFinder would allow an authenticated user to upload an xss script then execute it, CVE-ID #2015-8684
regression fix where enabling the enhanced password hash strength would break all future logins due to stored hash field not being long enough to store the new hash (since v2.3.5)
- this only occurred on sites when upgrading from a version prior to v2.3.5, and then only when increasing 'password crypto depth' above 0
regression fix where optional ajax paging would add 'time' parameter twice to calendar urls
regression fix where optional ajax paging would add google analytics params to the urls

Additionally it includes all the fixes and features found in the still-born v2.3.6 (code named Candy Cane)! We recommend that all users with a v2.3.x installation, upgrade to this version (with the normal precautions before upgrading a production web site).

Of particular note about this version:

adds additional security checking for XSS vulnerabilities - CVE-2015-8667
adds support for PHP v7.x
- compatible with PHP v5.3.x, 5.4.x, 5.5.x, 5.6.x, and 7.0.x

Highlights in the version are::

regression fix ALL reCaptcha responses always fail since v2.3.3
adds new 'loading' animation (font icon) for boostrap/bootstrap3
cleans up some bootstrap3 views, returns option of displaying extra-small buttons in sample theme
adds new setting to bootstrap/bootstrap3 themes to limit menu item depth in navbars
adds new setting to bootstrap3 theme to center main navbar (in addition to left & right alignment)
adds new optional paypalExpress 'in-context' checkout experience
adds two optional elFinder themes, also cleans up default theme
better EAAS error and event record support (events now sent by date instead of by entry sequence)
much better (optional) ajax paging support
much better job of returning to previous pages
adds new optional upgrade script to quickly clean up files database (adds new files, removes missing files)
includes all fixes from v2.3.5 patches (#1 & #2)

You can find additional information about changes in the pre-release news post found here.

v2.3.6 pulled for critical error! Patch #1 Released for V2.3.7

Join the Exponent Community
: Like Exponent CMS on Facebook; Follow Exponent CMS on Twitter

Forum Activity

Jan 01, 2024 @ 06:24 PM by dleffler v3.0.1patch3 released to update v3.0.0rc1/v3.0.1patch1 | Announcements
Jan 01, 2024 @ 06:22 PM by dleffler v2.7.1patch2 released to fix anomalies with v2.7.1 release | Announcements
May 31, 2023 @ 08:52 PM by dleffler v3.0.1patch2 released to update v3.0.0rc1/v3.0.1patch1 | Announcements
May 31, 2023 @ 08:50 PM by dleffler v2.7.1patch1 released to fix anomalies with v2.7.1 release | Announcements
Mar 07, 2023 @ 07:41 PM by dleffler v3.0.1patch1 released to update v3.0.0rc1 to v3.0.1 and fix anomalies with that release | Announcements
Mar 07, 2023 @ 07:14 PM by dleffler v2.7.1patch1 released to fix anomalies with v2.7.1 release | Announcements

File a Bug Report

Help Improve Exponent

Who Did This?

Exponent CMS is written and maintained by Online Innovative Creations (OIC Group, Inc.), a Peoria web design and development company. OIC Group, Inc. specializes in a wide range of web-based solutions for enterprise-level organizations and local businesses in Peoria. Learn more about this Peoria web design company. Spanning from custom website design and development to local SEO and social media marketing, OIC Group, Inc. is full-service web marketing firm that offers a wealth of solutions.

As the creator of Exponent CMS, OIC Group, Inc. offer fully-custom web design and development programs. To view examples of the company's work, visit the local website design portfolio to see both local and enterprise-level websites that OIC has created. In addition to search engine friendly websites, other specialties of OIC Group, Inc. include website optimization, conversion rate optimization, social media marketing, PPC advertising and Google Ads, local SEO and ecommerce SEO services.

If you're looking for ways to improve the potential of your Exponent CMS website, connect with Exponent CMS on Google+. To stay abreast various ways to better optimize your Exponent CMS website, follow OIC Group web design on Facebook.