2.1.1 Release

UPDATED

• Updated license and copyright

Update Phire

UPDATE

• Update to 2.1.0, add getQueryString method

Upgrade to Pop 2.1.0

UPGRADED

• Upgrade to Pop 2.1.0, include PHP 7 support

Finalize 2.0.1 Release

Finalize 2.0.1 Release, release patches for the XSS vulnerabilities.

2.0.1 Release Candidate

PATCHED

The following vulnerabilities were found and reported by Mattia Reggiani on 6/9/2016 and patched by Nick Sagona on 6/14/2016:

• XSS vulnerability found in the "datetime_format_custom" field on the configuration screen
  • [Patched] https://github.com/phirecms/phirecms/blob/master/phire-cms/src/Model/Config.php#L139
• XSS vulnerability found in the "username" field on the user edit screen
  • [Patched] https://github.com/phirecms/phirecms/blob/master/phire-cms/src/Controller/Users/IndexController.php#L195
• XSS vulnerability found in the "Application Error" screen
  • [Patched] https://github.com/phirecms/phirecms/blob/master/phire-cms/src/Module.php#L161

Additionally, a bug was found that was incorrectly saving the datetime format from the configuration screen. That was patched as well.

The first official 2.0.0 release of Phire 2

The first official 2.0.0 release of Phire 2

2.0.0 release candidate 2

Release candidate 2 for Phire CMS 2.0.0.

Initial 2.0.0 release candidate

Initial 2.0.0 release candidate for Phire CMS 2.