PivotX 2.3.11 released

Sunday 21 June 2015 at 2:41 pm

We've released a new maintenance update for PivotX. This release also fixes a few minor security issues, so it is a recommended upgrade for all PivotX 2.x websites. For earlier security-related issues and patches, see the page dedicated to Security issues.

These are the changes since PivotX 2.3.10:

  • Now calling htmlspecialchars with ENT_QUOTES.
  • Escaping some user controlled variables.
  • Escape usage of PHP_SELF in form action.
  • Bug- / security-fix in getPivotxURL().
  • Using absolute paths everywhere in the head.
  • Bug fix in check of allowed file extensions.
  • No longer restore the PHP session via session-id passing in the URL, as it is insecure. (Partly reverting rev 3179.)
  • Fixing some warnings / notices, for newer PHP versions.
  • Properly escape user-controlled variables in the file explorer.
  • Moblog fixes - debugging and handling of mails with images from the default iPhone mail app.

The PivotX 2.3.11 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer .tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our SourceForge mirror.