Release Notes: This Long Term Support (LTS) release contains several security fixes, enhancements, and bugfixes.
Release Notes: Content module installation was failing in 1.2.5. Dates for new content pages were defaulting to 31 Dec 1969 without any way to change it. Installation of the core on MySQL 5.2, or higher, failed because of the TYPE= statements in the SQL structure. TinyMCE was updated to the latest release, and should work on IE 9.
Release Notes: This release addresses security vulnerabilities in the imagemanager plugin for the TinyMCE editor and in quick search functionality used in the administration area. Improvements for SSL support were back-ported from the current trunk to this version.
Release Notes: Fixes and improvements in the control panel, core functionalities, design and templates, and the installation, registration, and upgrade processes.
Release Notes: This release introduces an improved image manager with online editing, a fully customizable Profile module with social networking features, a content module, autotasks, AJAX Redirect (no more redirect page), HTMLPurifier and CAPTCHA configuration interfaces, themes for the admin area, separate home pages for each group, textsanitizer plugins, a new installer, a redesigned and extended search results page, Google Adsense management, and centralized ratings and MIME type management.
Release Notes: This release addresses the security improvements in PHPOpenID and Smarty, included in the core of ImpressCMS.
Release Notes: This release focuses on code cleanup and several minor bugs. HTML Purifier was updated to the latest version. The CAPTCHA function was corrected. Session handling improved in the frontend and administration areas.
Release Notes: A security issue in SESSION id (Fixation), an XSS vulnerability, and a potential (but not necessarily vulnerable) exploit in $_GET['editor'] were fixed. A security issue in Blocks Positions was also fixed. The option to send an email notification for private messages was added, and the user's email address will only appear in the From: header if the user has activated "Allow other users to view my email address".
Release Notes: This release fixes issues with content menu in RTL, issues with registration not completed with passwordmeter, and issues with too easy CAPTCHA configs. When saving a block, if $options was a multi-level array, StopXSS was failing to save the array. StopXSS is now recursive and will save all levels of the $text parameter if it's an array. Leading space in cache/index.html has been fixed. Issues with multiple time stamps are fixed. A security issue in snoopy.php has been fixed. An issue with the pagination links of the image manager tinyMCE plugin has been fixed.
Release Notes: A small vulnerability in the userranks administration of 1.0.2 has been fixed, though administrator access is required to exploit the vulnerability.