Shortly after the 1.0.2 release we were alerted to a vulnerability reported by Secunia and third-party researcher Russ McRee. We have resolved the security issues in a timely manner and Secunia will be publishing their report on December 2, 2009. We thank Secunia for notifying us of the problems and properly coordinating the disclosure of this security threat. We do our best to provide quality code to prevent such security issues, but no CMS is perfect.
In addition to the security update, this release includes a new “Spam Trigger” module. We will be providing a video demonstration of this module in the next few days.
Pligg CMS 1.0.3 Changes
Below is an abbreviated changelog. To see the full list of changes please view our SVN logs.
- Security fixes
- Inline comment CAPTCHA fix
- Added new Spam Trigger module
- Deleting a comment now recalculates the story comment number
- 404error.php URL Method 2 fix
- Added Italian language
- Fixed admin language module removing UTF characters
- Fixed some RSS URLs that had an extra forward slash at the end
- Fix for using quotes within HTML tags in stories
- Same name category fix
- Fixed JS in multibox_admin
- Removed /cache line from robots.txt to allow robots to crawl cached sitemap
- Login cookie fix for previously untested server configurations
- Fix for escape slashes in stories
- Register invalid characters fix for servers where PCRE was compiled without UTF-8 support
1.0.3 Template Changes
Template upgrades will be required for users seeking to move from 1.0.2 and below to 1.0.3. The important changes are simple one-line additions to add some new security measures to Pligg forms. A slightly more complex update is required for users who want to fix the problem with inline comment CAPTCHAs. The important security template changes apply to the following template files:
As usual, we highly recommend that you use a program like WinMerge to compare the Wistie template from 1.0.2 to the latest 1.0.3 version to see all of the template changes since the last release.