|
The ImpressCMS Project (http://www.impresscms.org)
has just released ImpressCMS 1.2.2, which is a security release for the
1.2 series of ImpressCMS. This version patches a recently discovered
vulnerability in an external library, CSSTidy. The file containing the
vulnerability is not used by ImpressCMS, and can be safely removed.
Fixing the vulnerability via an upgrade:
Upgrading to ImpressCMS 1.2.2 will take care of removing that file. The
latest release package (1.2.2) does not contain the vulnerable file
anymore.
Fixing the vulnerability Manually:
In case you have made changes to your local installation that make it
difficult to do an upgrade, please remove the vulnerable file manually.
The file to remove is plugins/csstidy/css_optimiser.php
Where do I get ImpressCMS 1.2.2?
You can download the latest release from our file release system on
SourceForge (http://sourceforge.net/projects/impresscms/files/).
The download packages allows you to either do a fresh installation, or
upgrade from an earlier version of ImpressCMS or XOOPS.
Disclaimer: All information on this site is deemed reliable but not guaranteed and should be independently verified. Neither the listing maintainers nor Plain Black Corporation shall be responsible for any typographical errors, misinformation, misprints and shall be held totally harmless. We welcome feedback about errors in the data on this site.
Assignment: Any user that chooses to submit information to our site agrees to automatically license the rights to the submitted information to Plain Black Corporation for whatever purpose Plain Black Corporation deems necessary. All copyrights and other rights are retained by the owner of the original work.