PivotX 2.3.11 released

We've released a new maintenance update for PivotX. This release also fixes a few minor security-issues, so it is a recommended upgrade for all PivotX 2.x websites. For former security related issues and patches, see the page dedicated to Security issues.

These are the changes since PivotX 2.3.10:

• Now calling htmlspecialchars with ENT_QUOTES.
• Escaping some user controlled variables.
• Escape usage of PHP_SELF in form action.
• Bug- / security-fix in getPivotxURL().
• Using absolute paths everywhere in the head.
• Bug fix in check of allowed file extensions.
• No longer restore PHP session via session-id passing in url as it is insecure. (Partly reverting rev 3179.)
• Fixing some warnings / notices, for newer PHP versions.
• Properly escape user-controlled variables in the file explorer.
• Moblog fixes - debugging and handling of mails with images from the default iphone mail app.

The PivotX 2.3.11 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer.tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our sourceforge mirror.

share