Skip to content

v2.4.1 Patch #6

Compare
Choose a tag to compare
@dleffler dleffler released this 02 Sep 16:16
· 2060 commits to master since this release

All Exponent CMS users are encouraged to move their installations to v2.4.1 and to install this patch!

This patch addresses security vulnerabilities found in all previous versions of Exponent CMS v2.x, especially v2.4.1.

v241patch6 adds these features to v241:

  • update optional eDebug support for Kint v2.0
  • font-awesome icon on page not found view in bootstrap2/3; adds search box if no similar results found
  • more secure system password generator
  • adds error checking to fileupload control to account for a file not being uploaded due to a server configuration issue

v241patch6 fixes these issues in v241:

  • fix ie10 viewport bug workaround
  • fix ealerts send, since expBot doesn't appear to be working correctly
  • security fix for rouge admins attempting to elevate their permissions (thanks to chengable)
  • regression fix (v241p5) valid custom wysiwyg configuration may break page
  • fix the verify return shopper view (probably always broken?)
  • regression fix (v240) unable to edit existing orders
  • regression fix (v240) unable to add/activate user addresses (ecom)
  • fix photoalbum bs3 slideshow view to optionally display text
  • fix workflow issue which prevented updating item ranks/order
  • fix fatal issue when attempting to view form data using default columns
  • fixes several issues with workflow, esp. search index

v241patch6 updates these 3rd party libraries in v241:

  • tinymce to v4.6.6, adds new help/about plugin
  • ckeditor to v4.7.2, also updates autosave plugin
  • elFinder to v2.1.28, updates edit file editors
  • mediaelement to v4.2.5 and mediaelement plugins to v2.4.0
  • normalize.css to v7.0.0
  • swiftmailer to v5.4.8 (v6.x requires php v7+)
  • easypost library to v3.3.5
  • sortable jquery plugin to v1.6.0
  • validate jquery plugin to v1.17.0
  • xmlrpc to v4.2.0
  • plupload to v2.3.3 (used by tinymce quickupload plugin)