Patch #2 Released for V2.4.0

Friday, November 4, 2016 Tags: patch, release, bugs

This patch fixes several issues in the v2.4.0 and v2.4.0patch1 releases and continues to address some security vulnerabilities found in all previous versions of Exponent CMS v2.x. It also adds new optional Page Redirection support. This can be activated by updating the 'Configure Website', Error Messages tab and turning on 'Handle Page Not Found Redirection?'. Page Redirection is then found under the Manage All Pages views. We strongly encourage all Exponent installations be upgraded to v2.4.0 with this patch as soon as practical! Patch #1 to v2.4.0 is found at

v240patch2 adds these features to v240 previous releases:

  • initial implementation of optional page redirection support; must be turned on in site configuration Error Messages, then managed by manage all pages

v240patch2 fixes these issues in v240 previous releases:

  • prevent logged in users from viewing other user records and admins from super-admin records; thanks to pang0lin
  • fix sql injection issue in notfound controller; reported by pang0lin
  • fix db indexes removed during 'remove db unneeded columns' command
  • (regression) fix text accordion view (non-bs/bs3), may have never worked correctly

v240patch2 updates no 3rd party libraries in v240 previous releases: