Latest News

Exponent CMS Forums Back Up!

January 28, 2016 Tags: forums

(updated Jan 29th) After being out of service for quite some time, we have the Exponent CMS forums back up and running (forums.exponentcms.org) with a few caveats: (read more)

Security Notice: Closing an Exponent Security Vulnerability

January 14, 2016 Tags: security

We've been notified of a security vulnerability which could compromise your Exponent CMS installation.  This vulnerability applies to all versions of Exponent 2.x up to v2.3.7 patch #2.  The immediate fix is to rename the /install folder to something else, or remove/delete it. Though we've been working hard to close Cross-Site Scripting (XSS) vulnerabilities, this one could be more permanent and seems to result from an anomaly within PHP which allows a string variable to be internally interpreted and processed as an array thereby masking the payload. (read more)

Try a 'Fresh Fix' for 2016

December 31, 2015 Tags: release, bugs

After a failed attempt to get something under the tree for Christmas, we now release v2.3.7 specifically to address the fatal flaws within the pulled v2.3.6 release.  These include: (read more)

v2.3.6 pulled for critical error!

December 26, 2015 Tags: bugs

We've pulled the v2.3.6 release package and recommend you NOT install it!  Due to the holidays, v2.3.7 will not be released until after January 1st.  The new security fix unexpectedly removes all styling from edited WYSIWYG text when saved...which is basically how the WYSIWYG editor does most of its magic. Additionally, activating the new enhanced password hashing (also in v2.3.5) will corrupt passwords and prevent logging on after the password is updated (a database structure issue)  We already have fixes for these issues and will release a version 2.3.7 with the fixes and possibly another ajax paging fix.  We are sorry for this inconvenience. (read more)