Edit File by line

# ImpressCMS ChangeLog

[0] Fix | Delete

[1] Fix | Delete

## ImpressCMS 1.4.2

[2] Fix | Delete

Date: 24 Dec 2020

[3] Fix | Delete

DB Version: 45

[4] Fix | Delete

Build Version: 100

[5] Fix | Delete

[6] Fix | Delete

This release fixes several bugs that were found during the HackerOne initial penetration test run on the 1.4.1 release. Some improvements and bugfixes are present as well.

[7] Fix | Delete

[8] Fix | Delete

### Fixes

[9] Fix | Delete

- 574 Test 1.4 on PHP 7.4 PHP7 (fiammybe)

[10] Fix | Delete

- 692 Include new version of profile PHP7 (fiammybe)

[11] Fix | Delete

- 845 PHP 7.4 : access array offset on value of type null in include/functions.php 1037 php 7.4 (fiammybe)

[12] Fix | Delete

- 852 anti-clickjacking security vulnerability (report #1055589 by jrckmcsb on HackerOne) (fiammybe)

[13] Fix | Delete

- 825 Improve path sanitizing bug security vulnerability (MekDrop)

[14] Fix | Delete

- 814 Better sanitize database queries in installer bug (report #983710 by solov9ev on HackerOne) (fiammybe)

[15] Fix | Delete

- 637 Notice on admin pages in PHP 7.4 duplicate php 7.4 (fiammybe)

[16] Fix | Delete

- 843 Fix the amount of cookies (fiammybe)

[17] Fix | Delete

- 805 Missing templates in system module (skenow)

[18] Fix | Delete

- 838 Remove whitesource config (Mekdrop)

[19] Fix | Delete

- 834 + 836 Limit maximum length of password (report #1033373 by f1v3 on HackerOne) (fiammybe)

[20] Fix | Delete

- 821 Fixed possible file system exposing due language cookie on installer (MekDrop)

[21] Fix | Delete

- 812 Prevents using submitted filenames with ../ for controller (report #1035311 by siva12 on HackerOne) (MekDrop)

[22] Fix | Delete

- 815 Better sanitize database queries in installer (report #983710 by solov9ev on HackerOne) (fiammybe)

[23] Fix | Delete

- 811 Remove phpopenid example folder bug (report #1042838 by hackerone_success on HackerOne) (fiammybe)

[24] Fix | Delete

- 810 more strict comparison of variables (report #1036883 by hodorsec on HackerOne) (fiammybe)

[25] Fix | Delete

- 806 Include the missing templates for the image manager (skenow)

[26] Fix | Delete

- 603 Issue with image inclusion on TinyMCE (fiammybe)

[27] Fix | Delete

[28] Fix | Delete

### Improvements

[29] Fix | Delete

- 636 errors in form fields on admin account creation page of the installer (fiammybe)

[30] Fix | Delete

- 848 Cleanup deprecated functions in functions.php (fiammybe)

[31] Fix | Delete

- 694 remove the icms_banner reference. No longer present (fiammybe)

[32] Fix | Delete

[33] Fix | Delete

## ImpressCMS 1.4.1

[34] Fix | Delete

Date: 07 Jul 2020

[35] Fix | Delete

DB Version: 45

[36] Fix | Delete

Build Version: 98

[37] Fix | Delete

[38] Fix | Delete

This release fixes several bugs that were present in the 1.4.0 release, some of them with security impact.

[39] Fix | Delete

[40] Fix | Delete

### Fixes

[41] Fix | Delete

- Stored XSS on ImpressCMS 1.4.0 ( #659 ) @Mekdrop

[42] Fix | Delete

- Existence of banners folder results in errors ( #600 ) @fiammybe

[43] Fix | Delete

- module admin menu is not shown in 1.4 ( #604 ) @skenow

[44] Fix | Delete

- ImageManager : admin can no longer preview images ( #590 ) @skenow

[45] Fix | Delete

- Fatal error during installation at page_tablescreate.php ( #576 ) @skenow

[46] Fix | Delete

- Test 1.4 on PHP 7.3 ( #573 ) @fiammybe

[47] Fix | Delete

- Login in Chrome points to blank page ( #100 ) @fiammybe

[48] Fix | Delete

[49] Fix | Delete

## ImpressCMS 1.4.0

[50] Fix | Delete

Date: 19 Dec 2019

[51] Fix | Delete

DB Version: 45

[52] Fix | Delete

Build Version: 96

[53] Fix | Delete

[54] Fix | Delete

### Improvements

[55] Fix | Delete

- curl extension in installer now is requirement not optional (#530) @MekDrop

[56] Fix | Delete

- PHP7 improvements based on mamba7x PR (#507) @fiammybe

[57] Fix | Delete

- make expiration header dynamic in the past (#504) @fiammybe

[58] Fix | Delete

- check mysql using PDO now (#487) @fiammybe

[59] Fix | Delete

- Add a warning when PHP used is below 7.2

[60] Fix | Delete

[61] Fix | Delete

### Fixes

[62] Fix | Delete

- Move prototype inclusion so trust_path creation works fixes #569 (#571) @skenow

[63] Fix | Delete

- Fixed PathStuffController's constructor (#528) @MekDrop

[64] Fix | Delete

- Fixed suppressed warning if variable $options['folderName'] is undefined or empty when creating theme (1.4.x) (#510) @MekDrop

[65] Fix | Delete

- Fixed function signatures in icms_image_Handler (1.4) (#512) @MekDrop

[66] Fix | Delete

- Fixed installer collation selection (#529) @MekDrop

[67] Fix | Delete

- Fix the template handling in the system module (#503) @fiammybe

[68] Fix | Delete

- Add a warning when PHP used is below 7.2

[69] Fix | Delete

[70] Fix | Delete

### Update

[71] Fix | Delete

- Protector update for PDO SQL sanitizing Close #496 (#497) @skenow

[72] Fix | Delete

- Update Protector for PHP7 (#492) @skenow

[73] Fix | Delete

- Update php requirements to 5.6 (#505) @fiammybe

[74] Fix | Delete

- Update of Smarty to 2.6.31 (the latest 2.x release)

[75] Fix | Delete

- Update of CSS-tidy to work in PHP7

[76] Fix | Delete

- PHPMailer update to 5.2.7

[77] Fix | Delete

- PHPOpenID updated for better PHP7 compatibility

[78] Fix | Delete

[79] Fix | Delete

### Removed

[80] Fix | Delete

- Removed installation_notify (#566) @MekDrop

[81] Fix | Delete

- Remove admin template folder in system module on upgrade (#509) @fiammybe

[82] Fix | Delete

[83] Fix | Delete

====================

[84] Fix | Delete

ImpressCMS 1.3.11

[85] Fix | Delete

-------------------------------

[86] Fix | Delete

Date: 08 dec 2018

[87] Fix | Delete

DB Version: 44

[88] Fix | Delete

Build Version: 91

[89] Fix | Delete

[90] Fix | Delete

##Security

[91] Fix | Delete

Fix XSS vulnerabilities in installer (as found by Omar Kurt, security researcher at Netsparker (https://www.netsparker.com)

[92] Fix | Delete

[93] Fix | Delete

##Improvements

[94] Fix | Delete

109 - Add extra metadata types property and itemprop

[95] Fix | Delete

121 - System module now shows the correct version number after install

[96] Fix | Delete

316 - Add extra languages in installer and core

[97] Fix | Delete

[98] Fix | Delete

##Fixes

[99] Fix | Delete

102 - pagination in the backend generates wrong URLs

[100] Fix | Delete

116 - Update the links to our website

[101] Fix | Delete

119 - Update system requirements in installer

[102] Fix | Delete

117 - update links to translations in installer

[103] Fix | Delete

[104] Fix | Delete

##Update

[105] Fix | Delete

296 - Update HTMLPurifier to 4.10

[106] Fix | Delete

297 - Update GeSHI to 1.0.8.13

[107] Fix | Delete

299 - Update jQuery to 3.3.1

[108] Fix | Delete

125 - Upgrade PHPMailer to 5.2.26

[109] Fix | Delete

[110] Fix | Delete

ImpressCMS 1.3.10

[111] Fix | Delete

-------------------------------

[112] Fix | Delete

Date: 30 december 2016

[113] Fix | Delete

DB Version: 43

[114] Fix | Delete

Build Version: 82

[115] Fix | Delete

[116] Fix | Delete

##Fixes

[117] Fix | Delete

913 - Comment preview loses text of comment

[118] Fix | Delete

930 - correct the link to the adsense wiki pages

[119] Fix | Delete

925 - Illegal string offset 'options' core/datafilter in PHP 5.6

[120] Fix | Delete

919 - System imagemanager clone UI-side feature redirects to invalid URL

[121] Fix | Delete

922 - Templates for Adsenses ACP cannot be overridden

[122] Fix | Delete

[123] Fix | Delete

##Security

[124] Fix | Delete

927 - SSRF vulnerability in image manager

[125] Fix | Delete

931 - Vulnerability in PHPMailer 5.2.18

[126] Fix | Delete

[127] Fix | Delete

[128] Fix | Delete