08 Nov 2014
X3 CMS 0.5.2 - Security fixes
The 0.5.1 and 0.5.1.1 releases were affected by two vulnerabilities. A big thanks to Narendra Bathi, who notified us about them.
We had just finished adding some small improvements, so we decided to release everything together. Here is what's new:
Vulnerabilities
There was an XSS vulnerability in the search_controller used in the public and private areas.
There was a CSRF vulnerability in the form submission in most controllers used in the admin area. This could be an issue if you open the admin area to unknown users, as in our demo.
Anyway, thanks again to Narendra Bathi: the doors are now closed.
Image rotation
Image editing now includes a rotation option, so you can adjust uploaded images.
Automatic translation
We have just restored a useful feature: automatic translation when you import a dictionary section from another language. For the translation we use the Google Translator service. After the import you have to check that all expressions are translated (untranslated ones are marked with an *) and that the translations are correct. The translation starts automatically if the origin and destination languages are different.
NOTE: the translation also works with the ALL option (all the sections at once), but this may not be optimal. So, be aware of this.
Have fun