News items tagged with "patch"

There are two security vulnerabilities in Exponent 2.x found on June 1, 2016. The first has been present in all versions of Exponent (2.x), and the second is found in all versions since and including v2.1.0. The fix(es) is:

This patch is released to address a fix for the traditional file manager file uploaded which has been broken on Bootstrap based themes. It also addresses some specific issues in the v2.3.8, v2.3.8 Patch #1, v2.3.8patch #2, v2.3.8 Patch #3, v2.3.8 Patch #4, and v2.3.8 Patch #5 releases.

Hot on the heals of its predecessor, this patch fixes some specific issues in the v2.3.8, v2.3.8 Patch #1, v2.3.8patch #2, v2.3.8 Patch #3, and v2.3.8 Patch #4 releases. Specifically:

This patch fixes some issues in the v2.3.8, v2.3.8 Patch #1, v2.3.8patch #2, and v2.3.8 Patch #3 releases, especially with 'minification'. It also provides several tweaks and new features. In particular this release adds a new dynamic/drag-n-drop form designer to Bootstrap 3 themes. Patch #4 to v2.3.8 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.8-patch-4.zip/download​

There is a security vulnerability in Exponent 2.x found on August 26, 2016 reported by Balisong which could allow uploaded scripts to be executed. It has been present in all versions of Exponent (2.x). The fix is:

This patch fixes two security vulnerabilities, plus several issues in the v2.3.8, v2.3.8 Patch #2, and v2.3.8 Patch #1 releases. It also provides several tweaks and new features. In particular this release adds small device support to the elFinder file manager. Patch #3 to v2.3.8 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.8-patch-3.zip/download​

Though they are both extremely old versions, they were the release before a major version change and are/may still be in use. Please bear in mind we strongly recommend your installations be updated to a much newer version which contains many more fixes and new features. Having said that, these patches (v2.1.4patch8 and v2.2.3patch11) fix a security vulnerability with the database manager and pixidou editor. And in v2.2.3 we correct some very annoying debug output (warnings) that practically makes the site unusable when error reporting is turned on.

This patch fixes several issues in the v2.3.8 and v2.3.8 Patch #1 releases. It also provides several tweaks and new features. In particular this release adds remote/external calendar event caching (using a cron script) and importing. Patch #2 to v2.3.8 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.8-patch-2.zip/download​

This patch fixes several issues in the v2.3.8 release. It also provides several tweaks and new features, though the main focus is providing several regression fixes.  Patch #1 to v2.3.8 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.8-patch-1.zip/download​

This patch fixes several issues in the v2.3.7 release and v2.3.7 patch #1, patch#2, and patch#3.  It also provides several tweaks and even some new features, though the main focus is providing several regression fixes.  It should be noted that the new optional 'Upgrade permissions' upgrade scripts will attempt to lock down the site by fixing file and folder permissions (except for cgi-bin) which means also turning off the 'execute' permission.   It must be noted that this patch (like the previous patches to v2.3.7) will break any custom text module view templates using in-place editing.  Unlike previous patches, this patch file also includes all the 'installation' files in the event you secured your site by deleting or renaming the /install folder. Patch #4 to v2.3.7 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.7-patch-4.zip/download​