CMSimple_XH 1.6.6

A place for general not CMSimple related discussions
Post Reply
Posts: 13273
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE

CMSimple_XH 1.6.6

Post by cmb » Sun Mar 15, 2015 11:50 am

Hello Community,

we have just released CMSimple_XH 1.6.6. This release fixes a severe vulnerability and a few bugs, and updates to the latest jQuery4CMSimple and hi_UpdateCheck.

Updating is strongly recommended.

  • fixed an Arbitrary Code Execution vulnerability (all versions since at least CMSimple_XH 1.0[1] are affected)
  • fixed bug, where plugin.css is refreshed on every request
  • fixed regression bug, where error message regarding already sent headers was not shown anymore
  • fixed bug, where HTML has been escaped twice in meta tags tab
  • updated to jQuery4CMSimple 1.6
  • updated to hi_UpdateCheck 1.3
For further details see the archived roadmap.

As usual you have the following options:
  • For new installations use the full installation package.
  • For updating from CMSimple_XH 1.6.5 use the update package and follow the generic update instructions Additionally, heed the following specific update notes:
    • Switch to the latest jQuery and jQueryUI in the configuration of the jQuery4CMSimple plugin
  • For updating from CMSimple_XH 1.6 use the update package and follow the generic update instructions. Addtionally, heed the following specific update notes:
    • With CMSimple_XH 1.6.1 we have moved the folders css/ and javascript/ to core/css/ resp. core/js, so you may have to delete the old folders manually after the update.
    • In some cases spaces in the URL will be encoded differently (- instead of _). If you don't like that, change the config option Uri -> Word separator.
    • If you are using meta_tags title, you have to review the titles of the respective pages. The new behavior is likely to be what you want, but check it anyway.
    • Due to the changed heading level of the submenu, you might have to adapt your template's stylesheet.css if you have menu_levels not equal to 3.
    • If you want to use userprelude.php you have to replace the index.php files of existing copies of 2lang with 2lang/index.php.
    • Also heed the update notes for 1.6.5 to 1.6.6 above.

PS: [1] I've fixed the affected CMSimple_XH versions.
Christoph M. Becker – Plugins for CMSimple_XH

Post Reply