Version 2.4.0 Released

Saturday, October 29, 2016 Tags: release, bugs, security

This version, code-named 'Limited Lockdown' fixes many security issues in all previous versions and adds screen reader (accessibility) support. We strongly encourage all Exponent installations be upgraded to v2.4.0 as soon as practical!

In an attempt to combat many security vulnerabilities being exposed (and freely advertised), security and input checking has been strengthened. The permission system has been upgraded to prevent access to utility functions only needed by admin users. This change should not affect most users and admins, unless you are using/writing custom modules. Because testing has been somewhat limited, there may be cases where actions which previously worked, are no longer authorized. THEREFORE, we encourage you to submit bug reports of any anomalies you might experience. We also plan for up to weekly patch updates with a plan for releasing a v2.4.1 at the beginning of 2017 to ensure your system remains operational.

Accessibility (screen reader support) has been implemented since it is mandated by the Americans with Disabilities Act and necessary for government and some public web sites. This initial implementation should be pretty robust, but may not be complete. Additionally, your custom theme (both the page templates and any custom view or modules) might need to be updated. An article about areas to look at will be posted in the near future.

Additionally, we've made the Form module's showall portfolio view more robust by adding a sorting direction option, an optional custom message when no records are displayed, and allowing the url, telephone, and email controls to be optionally output as a link instead of only as the value.

As with all previous upgrades, we highly recommend you test your system and custom theme before upgrading a production server, especially if jumping over minor version numbers. An article about updating a custom theme can be found here. Several articles about upgrading can be found here.