All Exponent CMS users are encouraged to move their installations to v2.4.1 and to install this patch!
This patch addresses security vulnerabilities found in all previous versions of Exponent CMS v2.x, especially v2.4.1.
v241patch5 adds these features to v241:
- change default password security to blowfish vs md5
- allow specifying events send_reminders view in url
- add jquery/bootstrap-3 based toggle widget
v241patch5 fixes these issues in v241:
- regression fix (v240) invalidating valid source names made some modules disappear
- fix styling issue with bs3 form designer 'Toggle Designer Grid'
- regression fix with links showall view links if the open new window option was selected
- fix possible xss security issue with elFinder (thanks to chengable)
- fix new socialfeed notes view photos on firefox and opera
v241patch5 updates these 3rd party libraries in v241:
- mediaelement.js to v4.0.6