PivotX 2.3.11 released

We've released a new maintenance update for PivotX. This release also fixes a few minor security issues, so it is a recommended upgrade for all PivotX 2.x websites. For earlier security-related issues and patches, see the page dedicated to Security issues.

These are the changes since PivotX 2.3.10:

  • Now calling htmlspecialchars with ENT_QUOTES.
  • Escaping some user controlled variables.
  • Escape usage of PHP_SELF in form action.
  • Bug- / security-fix in getPivotxURL().
  • Using absolute paths everywhere in the head.
  • Bug fix in check of allowed file extensions.
  • No longer restoring the PHP session from a session ID passed in the URL, as that is insecure. (Partly reverting rev 3179.)
  • Fixing some warnings / notices, for newer PHP versions.
  • Properly escape user-controlled variables in the file explorer.
  • Moblog fixes: debugging and handling of mails with images from the default iPhone mail app.
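
Why the ENT_QUOTES and PHP_SELF items matter, shown as an added example that is not PivotX's own code. The helpers `esc()` and `parsed()`, the markup, and all input values are constructed for illustration; the script needs PHP's DOM extension.

```php
<?php
// Added illustration, not PivotX code. Helper names and inputs are constructed.

/** Escape a value for an HTML attribute or text node. */
function esc(string $value): string
{
    // ENT_QUOTES encodes both " and ' (ENT_COMPAT encodes only ").
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

/** Parse a fragment and list each element with its attribute names. */
function parsed(string $html): array
{
    libxml_use_internal_errors(true); // fragments trigger parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $out = [];
    $body = $doc->getElementsByTagName('body')->item(0);
    foreach ($body->getElementsByTagName('*') as $el) {
        $names = [];
        foreach ($el->attributes as $attr) {
            $names[] = $attr->name;
        }
        $out[] = $el->tagName . '[' . implode(',', $names) . ']';
    }
    return $out;
}

// Constructed input containing a single quote.
$input = "x' data-injected='1";

// Single-quoted attribute: with ENT_COMPAT the ' in the value ends the
// attribute early and the remainder is parsed as a new attribute.
$weak   = "<input name='q' value='" . htmlspecialchars($input, ENT_COMPAT, 'UTF-8') . "'>";
$strong = "<input name='q' value='" . esc($input) . "'>";

// PHP_SELF carries any path info the client appends after the script name,
// so it is user-controlled. Constructed stand-in for $_SERVER['PHP_SELF'].
$phpSelf  = '/index.php/"><b>injected</b>';
$rawForm  = '<form method="post" action="' . $phpSelf . '">';
$safeForm = '<form method="post" action="' . esc($phpSelf) . '">';

// Print what an HTML parser actually sees in each variant.
foreach (compact('weak', 'strong', 'rawForm', 'safeForm') as $label => $html) {
    echo str_pad($label, 9), implode(' ', parsed($html)), PHP_EOL;
}
```

Comparing the parsed element lists of the weak and escaped variants shows whether user input stayed inside the attribute value or became markup of its own.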

The PivotX 2.3.11 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer .tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our SourceForge mirror.

Posted by Bob den Otter, Sunday 21 June 2015

two comments

Hi. I want to know if PivotX will be continued. I want to help and to make some PivotX themes if this CMS will be alive. Thanks, and sorry for my bad English.

Creare Site Suceava - 04-12-’15 04:21

Nope, development is closed – http://forum.pivotx.net/viewtopic.php?f=..

RC - 16-10-’16 16:27

For support questions please visit the PivotX forum.