CMSimple_XH 1.7.1 fixes two vulnerabilities, namely that the CSRF tokens have not been cryptographically secure, and a potential information leakage in newsboxes. Furthermore, a lot of mostly minor bugs have been fixed, and updates to Pagemanager_XH 3.1 and Fa_XH 1.2 have been made.
All users of CMSimple_XH 1.7.0 are encouraged to update as soon as possible.
See the changelog for details.
As usual you have the following options:
- For new installations use the full installation package!
SHA-256 hash: 110D4D25298810C9FB7095CA1A1BA04067AA9C9F7C95FF2E4376262E96C67658
- For updating from CMSimple_XH 1.7.0 use the update package and follow the generic update instructions! From CMSimple_XH 1.7.1 new in the update package is the file deleted_files.txt in the toplevel folder of the ZIP archive. It contains a list of files which are no longer needed. It is recommended to delete these files from the server.
SHA-256 hash: A3447DECF765EB576544756BBBDFE0A1B4ED4B9B95D5515B657E6207B0E10A82