PivotX 2.3.10 released

We've released a new maintenance update for PivotX. This release fixes a minor security-issue, so it is a recommended upgrade for all PivotX 2.x websites. For former security related issues and patches, see the page dedicated to Security issues.

These are the changes since PivotX 2.3.9:

  • Properly escape user-controlled variables in the file explorer. (XSS)
  • Moblog fixes - debugging and handling of mails with images from the default iphone mail app.
  • Updated TinyMCE to 3.5.11
  • Strip HTML tags the the request variable "px_message". Thx, Waledac Oxana!
  • Wrong domain for session cookie if the web server is running on a non-standard port.

The PivotX 2.3.10 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer.tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our sourceforge mirror.

Posted by Bob den OtterMonday 25 August 2014
shareshare

For support questions please visit the PivotX forum.