News items tagged with "bugs"
Hot on the heals of patch #4, this patch fixes a two critical issues in the v2.4.1 patch #4 release (and prior) which may cause some modules with odd source names to disappear such as those added to the flyout sidebars. It also fixes a possible XSS exploit in elFinder (thanks to chengable) We strongly encourage all Exponent installations be upgraded to v2.4.1 as soon as practical! Patch #5 to v2.4.1 is found at http://sourceforge.net/projects/exponentcms/files/exponent-2.4.1-patch-5.zip/download
This version, code-named 'Frosty Freezer' continues to address security issues and screen reader (accessibility) support by fixing issues with the previous release . We strongly encourage all Exponent installations be upgraded to v2.4.1 as soon as practical! (read more)
This version, code-named 'Limited Lockdown' fixes many security issues in all previous versions and adds screen reader (accessibility) support. We strongly encourage all Exponent installations be upgraded to v2.4.0 as soon as practical! (read more)
There are several security vulnerabilities in all versions of Exponent 2.x found in September and October, 2016, reported by a number of individuals including:Manuel Garcia Cardenas, the PKAV TEAM, fyth, felixk3y, DM_, obfusor, xiaoL, ylgaaaaa, Tomato, wooeast, and xiojunjie, These vulnerabilities could allow possible SQL injections, remote file exploits, RCE, XSS, changes to configurations, and other issues. They have been present in all versions of Exponent (2.x). The fix is: (read more)