Exponent's Latest News

We've updated the optional 'Export to PDF' libraries.  These libraries are NOT included with the Exponent CMS package (nor the git repository), but are available as separate downloads.

In addition to the issues addressed in v2.3.2 patch #1, this 2nd patch fixes some anomalies with the 'security fixes' (especially on older servers using php magic quotes).  It also provides many fixes and tweaks to the ecommerce system. Patch #2 to v2.3.2 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.2-patch-2.zip/download

(Updated Jan 12th) We've updated the forum software from Vanilla Forums v2.0.18 to v2.1.6. This should not only implement the latest security fixes, but also allow us to provide a more favorable user experience in the future.

Our standard set of sample themes which are no longer included with the standard package have been updated for v2.3.0+ to make them more HTML5 and Exponent 2.x compliant.  You can find them on SourceForge.net

To start 2015 off on a good note, we've released the first patch to v2.3.2.  In addition to fixing a number of regression bugs, we've addressed another security issue (identified by Sudhanshu Chauhan from Octogence) in our current release.  Patch #1 to v2.3.2 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.2-patch-1.zip/download.

With the new year upon us and a fresh release (v2.3.2) pushing us along, what's in store for Exponent CMS in 2015?  Though there are no major changes or updates planned at this point (unlike this time last year), you can rest assured there will be many fixes, tweaks, and interface improvements this coming year,  ​

We've gone ahead and released a new version (Christmas Consolidation) to help consolidate recent patches and reduce confusion.  Though this patch primarily addresses anomalies introduced with the recent XSS exploit fix, it also adds some new and updated features from the development code. 

To address some of the anomalies introduced in the recent patches to versions 2.1.4 and 2.2.3, we've issued v2.1.4 patch #7 and v2.2.3 patch #10.  This should solve the inability to delete files within the file manager, fix a navigation module permissions issue, and make the XSS security fix more robust.  You can find the patches here.

(Updated Patches are available for download - you may also pull from the 'master' repository!) After a number of false starts, we've finally fixed a security issue (identified by Mayuresh Dani and Narendra Shinde from qualys.com) in our current release and some of our older versions and now have a patches available to fix this specific issue:

Please do NOT install v2.3.1 Patch #1/#2/#3, v2.2.3 Patch #6/#7/#8, nor v2.1.4 Patch #3/#4/#5!  They may cause WYSIWYG text to become garbled when saving (on a server with php versions less than v5.4.0 with 'magic quotes' turned on), and would strip scripts when saving a Code Snippet module.  We have recently released a universal (server) fix for these versions.