News items tagged with "patch"

This patch fixes several issues in the v2.4.1 release especially mailing failures and a security vulnerability in the elFinder file manager.. We strongly encourage all Exponent installations be upgraded to v2.4.1 with this patch as soon as practical! Patch #1 to v2.4.1 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.4.1-patch-1.zip/download​

This patch fixes several issues in the v2.4.0, v2.4.0patch1, v2.4.0patch2, v2.4.0patch3 and v2.4.0patch4 releases. It fixes some optional page redirection and page meta tags regression issues and updates some key components such as WYSIWYG Editors. We strongly encourage all Exponent installations be upgraded to v2.4.0 with this patch as soon as practical! Patch #5 to v2.4.0 is found at https://sourceforge.net/projects/exponentcms/files/exponent-2.4.0-patch-5.zip/download

This patch fixes several issues in the v2.4.0, v2.4.0patch1, v2.4.0patch2 and v2.4.0patch3 releases. It fixes some form control regression issues and updates some key components such as WYSIWYG Editors and the File Manager. We strongly encourage all Exponent installations be upgraded to v2.4.0 with this patch as soon as practical! Patch #4 to v2.4.0 is found at https://sourceforge.net/projects/exponentcms/files/exponent-2.4.0-patch-4.zip/download

This patch fixes several issues in the v2.4.0, v2.4.0patch1 and v2.4.0patch2 releases. It fixes two critical errors where new folders were created using the wrong permissions (since v237patch1 in .less to .css compilations) and an inability for new customers to create an account during checkout (since v240). It also enhances the new optional Page Redirection support. We strongly encourage all Exponent installations be upgraded to v2.4.0 with this patch as soon as practical! Patch #1 to v2.4.0 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.4.0-patch-3.zip/download​

This patch fixes several issues in the v2.4.0 and v2.4.0patch1 releases and continues to address some security vulnerabilities found in all previous versions of Exponent CMS v2.x. It also adds new optional Page Redirection support. This can be activated by updating the 'Configure Website', Error Messages tab and turning on 'Handle Page Not Found Redirection?'. Page Redirection is then found under the Manage All Pages views. We strongly encourage all Exponent installations be upgraded to v2.4.0 with this patch as soon as practical! Patch #1 to v2.4.0 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.4.0-patch-2.zip/download​

This patch fixes several issues in the v2.4.0 release and addresses a number of security vulnerabilities found in all previous versions of Exponent CMS v2.x. We strongly encourage all Exponent installations be upgraded to v2.4.0 with this patch as soon as practical! Patch #1 to v2.4.0 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.4.0-patch-1.zip/download​

This patch fixes several issues in the v2.3.9 release. It also provides several tweaks and new features including a 'fill screen' feature for the elFinder file manager, though the main focus is providing several security fixes. Patch #1 to v2.3.9 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.9-patch-1.zip/download​

Though they are both extremely old versions, they were the release before a major version change and are/may still be in use. Please bear in mind we strongly recommend your installations be updated to a much newer version which contains many more fixes and new features. Having said that, these patches (v2.1.4patch11 and v2.2.3patch14) fix security vulnerabilities reported by Manuel Garcia Cardenas and PKAV TEAM which could allow possible SQL injections.

There is a security vulnerability in Exponent 2.x found on September 12, 2016 and reported by Manuel Garcia Cardenas which could allow a possible SQL injection. Although the server and site setup to allow such an attack (in the real world) is very rare, it is none-the-less a vulnerability. It has been present in all versions of Exponent (2.x). The fix is:

Though they are both extremely old versions, they were the release before a major version change and are/may still be in use. Please bear in mind we strongly recommend your installations be updated to a much newer version which contains many more fixes and new features. Having said that, these patches (v2.1.4patch9 and v2.2.3patch12) fix a security vulnerability reported by Balisong which might allow uploaded scripts to be executed.