Exponent's Latest News

Security Notice: Closing an Exponent Security Vulnerability

January 14, 2016 Tags: security

We've been notified of a security vulnerability which could compromise your Exponent CMS installation.  This vulnerability applies to all versions of Exponent 2.x up to v2.3.7 patch #2.  The immediate fix is to rename the /install folder to something else, or remove/delete it. Though we've been working hard to close Cross-Site Scripting (XSS) vulnerabilities, this one could be more permanent and seems to result from an anomaly within PHP which allows a string variable to be internally interpreted and processed as an array thereby masking the payload. (read more)

Patch #2 Released for V2.3.7

January 9, 2016 Tags: patch, release, bugs

This patch fixes several issues in the v2.3.7 release and the v2.3.7 patch #1 and provides several tweaks and even some new features. The main fix is for a regression problem in v2.3.7 which prevented editing or copying existing calendar events. It must be noted that this patch will break any custom text module view templates using in-place editing.  While you will not lose any data, the results of saving the first in-place change will break the javascript on the page...therefore you must remove any such custom templates, or create a new one based on the system ones included in this patch.  Patch #2 to v2.3.7 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.7-patch-2.zip/download (read more)

v2.3.7/v2.3.7 Patch #1 Bug

January 4, 2016 Tags: bugs, preview

You can expect a v2.3.7 patch #2 to be released later this week (1st full week of 2016) to fix a v2.3.7 regression bug which prevents editing or copying calendar events.  There is no work-around for this bug, however it doesn't affect creating new events.  The patch will also fix some styling issues with bootstrap 3 based themes, clean up the optional ajax paging urls, and remove some warnings which prevent some ajax calls and xmlrpc from working when error reporting is turned on. (read more)

Patch #1 Released for V2.3.7

January 2, 2016 Tags: patch, release, bugs

This patch fixes a few issues in the v2.3.7release. The main fix is for a regression problem in v2.3.7 which prevented using the 'Quick Upload' feature because uploaded files would be truncated to zero bytes.. Patch #1 to v2.3.7 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.7-patch-1.zip/download (read more)

Try a 'Fresh Fix' for 2016

December 31, 2015 Tags: release, bugs

After a failed attempt to get something under the tree for Christmas, we now release v2.3.7 specifically to address the fatal flaws within the pulled v2.3.6 release.  These include: (read more)

v2.3.6 pulled for critical error!

December 26, 2015 Tags: bugs

We've pulled the v2.3.6 release package and recommend you NOT install it!  Due to the holidays, v2.3.7 will not be released until after January 1st.  The new security fix unexpectedly removes all styling from edited WYSIWYG text when saved...which is basically how the WYSIWYG editor does most of its magic. Additionally, activating the new enhanced password hashing (also in v2.3.5) will corrupt passwords and prevent logging on after the password is updated (a database structure issue)  We already have fixes for these issues and will release a version 2.3.7 with the fixes and possibly another ajax paging fix.  We are sorry for this inconvenience. (read more)

Get a 'Candy Cane' for Christmas 2015!

December 25, 2015 Tags: release

Exponent version 2.3.6 (code named Candy Cane) is a wonderful Christmas gift to you! We recommend that all users with a v2.3.x installation, upgrade to this version (with the normal precautions before upgrading a production web site).  (read more)

End of Year Closeouts!

December 15, 2015 Tags: preview

The next version of Exponent should be out before 2016 arrives. It will include a number of bug fixes and a few new features. The most important fix deals with PHP version compatibility.  Fixes and updates since v2.3.5patch2 include: (read more)

Export to PDF Libraries Updated AGAIN!

December 15, 2015 Tags: release, pdf

We've updated the optional 'Export to PDF' libraries to work with PHP version 7 installations.  These libraries are NOT included with the Exponent CMS package (nor the git repository). The original 3rd party libraries either do not work with PHP v7 or Exponent, so these special customized packages are available as separate downloads. (read more)

Patch #2 Released for V2.3.5

November 20, 2015 Tags: patch, release, bugs

This patch fixes a number of issues in the v2.3.5 and v2.3.5patch1 releases. The main fix is for a regression issue in v2.3.5 & v2.3.5patch1 which prevented ecommerce checkout. Patch #2 to v2.3.5 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.3.5-patch-2.zip/download (read more)