News items tagged with "security"

Version 2.4.2 Released

January 1, 2018 Tags: release, bugs, security

To help ring in 2018, we've released version 2.4.2, 'Awaited Appearance'. There are a number of changes, new features, and countless fixes...especially since our most recent update v2.4.1patch6. Most importantly, v2.4.2 brings compatibility with PHP v7.2 which was released as stable a few short weeks ago. It however removes support for PHP v5.3 and v5.4 which have been considered obsolete for a long time. We do still support web servers running PHP v5.6 and v7.0, even though each are no longer recommended. We strongly encourage all Exponent installations be upgraded to v2.4.2 as soon as practical! (read more)

Version 2.4.1 Released

January 6, 2017 Tags: release, bugs, security

This version, code-named 'Frosty Freezer' continues to address security issues and screen reader (accessibility) support by fixing issues with the previous release . We strongly encourage all Exponent installations be upgraded to v2.4.1 as soon as practical! (read more)

Version 2.4.0 Released

October 29, 2016 Tags: release, bugs, security

This version, code-named 'Limited Lockdown' fixes many security issues in all previous versions and adds screen reader (accessibility) support. We strongly encourage all Exponent installations be upgraded to v2.4.0 as soon as practical! (read more)

Security Vulnerability - All Exponent Versions - October 2016

October 29, 2016 Tags: release, bugs, security

There are several security vulnerabilities in all versions of Exponent 2.x found in September and October, 2016, reported by a number of individuals including:Manuel Garcia Cardenas, the PKAV TEAM, fyth, felixk3y, DM_, obfusor, xiaoL, ylgaaaaa, Tomato, wooeast, and xiojunjie, These vulnerabilities could allow possible SQL injections, remote file exploits, RCE, XSS, changes to configurations, and other issues. They have been present in all versions of Exponent (2.x). The fix is: (read more)