Please see special notes on UPGRADING in the Wiki
Download Files are HERE
Latest Version Release Notes
https://github.com/GetSimpleCMS/GetSimpleCMS/releases
Detailed changelog and releases can be found on Github
Releases may be available on github before they appear here.
Old Versions
Version 3.3.15 (2018-9-21)
- #1238 debug_backtrace() was changed in PHP 7 (OPTIONAL WITH GSBTFIX) now
Version 3.3.14 (2018-09-01)
- #1243 upload ext not lowercase
- #1224 CVE 2017-8081 SECURITY
- #1223 php 7 deprecates char arrays
- CAUSES PROBLEMS WITH PHP 7!
- #1238 debug_backtrace() was changed in PHP 7
Version 3.3.13 (2016-10-11)
- #1194 thumbnail creation Bug -oleg06
Version 3.3.12 (2016-09-18)
- #1191 settings not showing permalink properly CRITICAL
Version 3.3.11 (2016-08-10)
- #1177 Getsimple CMS <= 3.3.10 Arbitrary File Upload Vulnerability - s0nk3y
- #1159 Built-in transliteration - cnb - dimayakovlev
- #1181 no default font color
Version 3.3.10 (2016-06-06)
- #1147 settings password form fill annoyance
- #1145 utf-8 all xml headers
- #1144 FILTER_SANITIZE_FULL_SPECIAL_CHARS not supported php 5.2
- #1143 Duplicate id #sitename on settings
- #1120 Core Data Files can not be used as custom data storage Feature
- #1149 disable chmods GSDOCHMOD
- #1136 Preserve case in uploads define('GSUPLOADSLC',false)
- #1155 ckeditor 4.5.9 ( fixes toolbar cache issue with 3.3.9 )
- #1161 ckeditor plugins and disable autogrow
Version 3.3.9 (2016-04-20)
Please see special notes on this release in the Wiki
- #1137 update ckeditor to latest (4.5.7), also adds codesnippet and autogrow cke plugins
Version 3.3.8 (2016-02-02)
- #1130 theme.php persistent xss injection SECURITY
- #1127 theme.php POST template persistent xss SECURITY
- #1111 page delete never fails on error
- #1103 Reflected XSS - Uploads section SECURITY
- #1131 Function createBak in 3.3.x always return false
Version 3.3.7 (2015-08-23)
- FIX #1077 upload protection breaks on apache 1.3
- FIX #1074 Stored XSS in the USER profile SECURITY
- FIX #1071 disabled select text color
- FIX #1067 Persistent/Stored XSS while creating page and also in backups SECURITY
- FIX #1065 uploadifybutton not themed
- FIX #1078 plugin api checks can crash plugins.php added GSNOPLUGINCHECK
- FIX #1081 x-frame can break stuff
- NEW #1089 format xml files GSFORMATXML
Version 3.3.6 (2015-07-13)
WARNING DO NOT INSTALL IF ON APACHE 1.3, fixed in 3.3.7
- FIX #1029 page save never fails
- FIX #1028 gsnoframe applies to front end
- FIX #1048 definition check issues
- FIX #1043 install apache error is misleading
- FIX #1049 cke separators are not visible
- FIX #1060 file upload security bypass, using whitelist and mime checking SECURITY
- FIX #1059 filebrowser arbitrary js injection SECURITY
- FIX #1058 thumb.php security bypass copy/move files SECURITY
- FIX #1057 theme-edit directory traversal SECURITY
- FIX #1050 Page 'Meta Description' contains Style/Script declarations
- FIX #1046 Persistent XSS - GetSimpleCMS 3.3.5 SECURITY
- FIX #1064 plugins table has no highlight
- NEW #1032 upload execution protection
- NEW #1042 new blacklist extensions
- NEW #1044 ckeditor keep some empty tags
- NEW #1051 strip shortcodes
Version 3.3.5 (2015-02-04)
- FIX: #974 files does not show permissions on windows
- FIX: #973 image.php dir traversal SECURITY
- FIX: #972 log.php xss SECURITY
- FIX: #971 prevent backend in frames x-frame policy SECURITY
- FIX: #970 better cookie security SECURITY
- FIX: #969 backup-edit traversal SECURITY
- FIX: #966 Security vulns SECURITY
- FIX: #965 corrupt page fatal error
- FIX: #948 Fatal Error => zip-Backup
- FIX: #945 placeholder confusion
- FIX: #944 XML External Entity (XXE) Vulnerability in admin/api.php SECURITY
- FIX: #979 some debug info when uploading image
- FIX: #996 Reverse Proxy : url detection
Version 3.3.4 (2014-10-08)
- FIX #904 new page nonindex existing-url notices
- FIX #903 fix undo for create new page
- FIX #902 Missing argument 1 for getRegexUnicode() notices
- FIX #929 admin panel sidebar on Safari, weird transition
Version 3.3.3 (2014-8-21)
- FIX #894 component slugs case sensitive -sarnaiz
- FIX #891 Ckeditor toolbar newline issue -cnb
- FIX #867 pages cache (pages.xml) not updated after UNDO operation, in page edition
- FIX #866 GSSUPPRESSERRORS constant typo -flexphperia SUPRESSERRORS still works but is now deprecated
- FIX #825 setup form still showing on install error
- FIX #821 filetime uses ctime -lnickel
- FIX #818 scrolltofixed assets -mvlcek
- FIX #805 component xml corruption -emanwebdev
- FIX #623 Only Https for Admin issues
Version 3.3.2 (2014-5-16)
- FIX #806 fix broken wiki links, using /docs rewrites now
- FIX #788 Update template.php validation issue -STudio26
- FIX #797 numerous settings fields allow persistent xss
- FIX #793 GSUSECUSTOMSALT changes
- FIX #745 Formatted xml data files problems
- FIX #784 pagecache contains url in duplicate
- FIX #713 Slug matching root folder saveable -n00dles
- FIX #765 unable to upload jpeg (genStdThumb) -flexphperia
- FIX #728 no gd fatal errors -lnickel
- FIX #764 simplexml missing check
- FIX #771 upload filename cleaning @ -b3n
- FIX #776 json toolbar not working
- FIX #775 custom toolbar not working -Markus00000
- FIX #524 no cache control
- FIX #773 add exist checks on unlink tmp files
- FIX #735 temp files are deleted
- FIX #774 uploadify does not error out
- FIX #772 file upload overwrite protection double encoding
- FIX #695 permalink not trimmed
- FIX #580 htaccess rewrite config
- FIX #812 reset password username leakage - nerdbox.it
- NEW #344 reset password issues
- NEW #790 get_Page_Excerpt refactor
- NEW #711 sidebar links to components, focus component content
- NEW #709 create component doesn't focus input
- NEW #750 debugLog improvements, accepts arrays as argument
- NEW #682 Compatibility with Apache v2.4
- NEW #766 lang file loading protection
- NEW #770 Make installs more simple
- NEW #737 mb_internal_encoding not set
- NEW #767 Remove Yahoo ping sitemap function DEPRECATED
- NEW #653 header content-type utf-8
- NEW #683 htaccess wrap rewrite
Version 3.3.1 (2014-2-11)
- FIX #753 support plugins that modify cke globals
- FIX #751 menu manager subsequent saves fail -apt
- FIX #744 left in debugging
- FIX #742 missing failedlogins.log issue
Version 3.3.0 (2014-1-28)
- FIX #310 caching hooks unusable
- FIX #363 Sitemap hooks broken, New filter added
- FIX #466 Session expire redirects do not resume
- FIX #512 Install password not showing
- FIX #531 slug prefixed with dash if page title begins with a space
- FIX #576 anonymous data plugin sidemenu
- FIX #603 Edit / Pages not using page cache
- FIX #608 Install emails not received
- FIX #614 Curl init not being checked
- FIX #615 failure log corruption utf-8 cyrillic usernames
- FIX #617 backup-edit ckeditor config entities
- FIX #625 Long Site names overflow login form
- FIX #626 $EDOPTIONS comma safe
- FIX #631 cke globals are not actually global
- FIX #633 i18n_r called before lang loaded
- FIX #646 health check xml invalid if empty
- FIX #647 Logins broken by php notice/warnings
- FIX #648 Login cookie set twice
- FIX #661 admin styles are cached and old after upgrades
- FIX #667 Mail warning on install, breaks cookies
- FIX #673 ajax redirects not handled
- FIX #710 Plugins not sorted
- FIX #718 cannot redeclare in upload.php
- FIX #721 ck-editor IE10 fatal errors
- FIX #734 plugins updated js messages not translated
- FIX #686 setup shows the form again if there is a mail error
- NEW #469 Always show component tags
- NEW #562 i18n fallback default language
- NEW #589 cutting edge and betas
- NEW #605 Dynamic css classes in menus
- NEW #609 Missing page cache implementations
- NEW #637 detect api timeouts for error handling
- NEW #641 better health check for disabled functions
- NEW #642 Better textarea tab spacing
- NEW #651 additional health check info
- NEW #653 header content-type utf-8
- NEW #659 Increase cookie timeout
- NEW #664 update.php issues
- NEW #668 add page cache filter
- NEW #669 add sitemap filter
- NEW #674 cannot update or install from root
- NEW #688 lazy loading pagecache in caching functions -cnb
- NEW #711 component input focus on side nav -cnb
- NEW #705 phantom / invisible slugs
- NEW #712 add editor link filter
- NEW #722 ckeditor upgraded to 3.6.6
Version 3.2.3 (2013-08-24)
- FIX: $EDOPTIONS gets a , prefixed to it breaking plugins cke
Version 3.2.2 (2013-08-08)
- NEW: refactor plugins checking, plugins are only scanned on plugins page now
- NEW: Persistent plugin api calls on backend, now confined to plugins page only
- NEW: Replaced memory_limit -1 with 100M in thumb.php
- NEW: javascript injection filtering on pages display
- NEW: enabled auto saving to live pages for general testing
- NEW: File upload whitelists advanced config
- NEW: Remove branding from public admin pages
- NEW: Added github link on support page
- NEW: Improved ckeditor options and toolbar config capability
- NEW: Hide innovation settings if theme is not innovation
- NEW: Added google+, many others, to innovation theme social
- NEW: Added css classes for widesec and wideopt
- NEW: Switching Themes shows preview image now
- NEW: CKEditor dataformatter behavior, breakbefore and indentation formatting changes
- NEW: Remove back end assets from public front end auth pages
- NEW: Auto meta descriptions no longer default, added GSAUTOMETAD
- NEW: Remove meta generator
- FIX: get_api_details fails, added debug handlers and improved detection and fallbacks
- FIX: Fix cdns to fallback to local
- FIX: Codemirror theme editor broken when Admin folder changed
- FIX: CSRF Detected
- FIX: Thumbnails not created
Version 3.2.1 (2013-04-25)
- restored missing version in admin footer
- health check plugins.xml chmod check 644 writable
- Some javascript i18n translations missing
- removed extra install.php from core
- fixed missing undo link for page deletions
- Default index.xml date was sep 2009, is now install date upon install
- slug creation problems on servers with no mb extension
- page options parent is blank, display no parent now
- attempt to fix 3.0 upgrade issues, missing cache folder issue
- Identify page on edit titlebar and footer
- SECURITY: Settings $LANG persistent xss injection.
- SECURITY: xss vulns in backupedit, filebrowser, error_checking, edit
- SECURITY: ajax.php dir traversal
- SECURITY: unused antixss typo
- SECURITY: Data leakage via traversal inclusion on frontend
- SECURITY: removed loadtab.php, arbitrary code execution
Version 3.2.0 (2013-02-11)
- Added Flush Cache link to settings to clear all caches
- Sorted lists now sort using natural sort, fixes file01,file10,file2
- New plugin toggle handling, and speed improvements.
- Generate missing thumbnails preview visits, useful for ftped files
- Style changes to CkEditor, all editors should inherit GS styles now, some border fixes
- Codemirror style changes, better programming fonts, lineheight, alignments fixes
- Removed image link borders in emails
- Added utf-8 meta to cardinal theme
- Menu items now contain class "active" in addition to current, more standardized for frameworks.
- GS css compression fixes
- Added Fluid Fullwidth admin style via `define('GSSTYLE',GSSTYLEWIDE)`
- Debug Mode Link now points to wiki debugging section
- JQuery-ui is now loaded on all backend pages, not just when used
- Profile settings now contain field for setting a display name for the user.
- Plugins that need update are now styled more visibly
- Plugin tabs and sidemenus contain classes to style them, plugin_tab and plugin_sb respectively
IMPORTANT CHANGES
- admin css definitions moved from `style.php` to `css.php` include, problematic if users changed style.php
- GS used to force php error suppression, GS will no longer do this unless `SUPPRESSERRORS` is set.
- Plugins are no longer activated automatically upon installation
New config directives
- GSNOVERCHECK - Disable persistent header version checking
- GSTIMEZONE - Timezone string for server default timezone
- GSNOSITEMAP - Disable sitemap generation
- GSSTYLE - Set an alternative style, eg. GSSTYLEWIDE
- GSDEBUGINSTALL - Debugging, Prevent removal of install files for debugging installs
- SUPPRESSERRORS - reproduce previous GS behavior regarding php error suppression
BUGS FIXED
- Fix for failed login ip whois lookup
- File manager / upload issues, IE fixes etc.
- Fix for various file traversal exploits on authenticated users
- filebrowser, uploads, downloads, deletefile, themeedit
- executing php functions from url, Deprecated ajax.php
- Hidden templates showing up eg. `.filename`
- bad API results get returned and not filtered
- Components with empty content are removed
- Uploads column headers in debug mode swapped
- Cannot set user timezone if strict php mode, corrupt nonces
- Mysterious broken logins issue
- Creating page without a title deletes the content
- Child page can set self as parent
- Changing name of component doesn't focus the input
- Site name encoding in backend and frontend
- XSS on archive.php
- Archive Backups not working on Windows hosts
- Fix $kill notices on install.php
- Fix for multiple plugin read xml
- Plugins should not be automatically enabled
- Remove GS version number from admin login
- autosave using milliseconds not seconds for timing
- theme editor missing wrapper
- Health Check version is missing when upgrade available
- Upload throwing a get 404 error asset load
- Auto Save saves slug changes as they occur if set too fast.
- Version check in javascript
Version 3.1.2 (2013-06-28)
- Fixed a minor filebrowser issue (problems when using subfolders & multiple files). Not critical
Version 3.1.1
- Sitemap generation fix
- Pages cache fix
- Plugins cache fix
- Better theme editor file detection
- Better detection of an empty slug or page title upon page save
- Thumbnail creation in subfolders fix
- Menu manager updates
- New error logging class
- Debuglog fixes
- Added new GSCONFIG option GSNOHIGHLIGHT to enable/disable highlighting in theme editor
- Lots of tidy up of code.
Version 3.1
- Automatic generation of sitemap when changes occur (create,delete pages/settings)
- Better notification when GetSimple core needs updating
- Notification when plugins are out of date via Extend API
- Ability to "clone" a page
- Breadcrumbs removed from <h1> in admin panel
- Theme editor has syntax highlighting and is now full-screen
- Theme editor allows you to edit any file within the `/theme/` folder
- CAPS LOCK detection for password fields
- Login page hooks now working again
- Can "undo" a page slug change
- When ZipArchive is not available, website backup creates a tar.gz file
- All delete/enable/disable functions have been ajax-ified
- If there is only one language installed, it is the default language. No longer is en_US hardcoded as default.
- Login cookie is now Sitewide-enabled by default
- MIME type validation of files that are uploaded, also restricts certain upload file extensions (php, sh, js, html)
- Removed jQuery plugin quick-paginate
- Upgraded jQuery to 1.7 via Google CDN; GS jQuery refactoring/cleaned code
- You can now view a "private" page if you are logged in
- Innovation plugin is i18n language compatible
- Drag and drop menu management
- The GetSimple API was created
- The core now supports the HTTPS protocol
- Ability to turn off CSRF protection in gsconfig.php
- Page autosave feature added (disabled by default)
- Admin panel theme bug fixed
- Can force template files to be ignored in page editor with `.inc.php`
- Mike's "page caching" plugin is included in the core for faster reading of XML files
Version 3.0
- Change of login to be multi-user compatible - Meaning XML files are being migrated by `update.php`
- Control panel width increased from 900px to 960px
- Can enable/disable plugins
- A new default theme utilizing HTML5 & CSS3
- Conversion of all i18n calls to a new function
- GS now cleans up image names when they are uploaded (removing invalid chars & spaces)
- Fix of `PHPFILE_INFO` to be backwards compatible with PHP < 5.2
- gpc magic quotes fixes
- Languages can now be used on first setup screen
- `/admin/` path can be changed with `gsconfig.php`
- All code documentation changed to PHPDoc style
- Archive zip changed to native PHP function
- Ability to have more than one level in the main navigation
- 404 header fix
- Image cropping ctrl or cmd keyboard changed to stop conflict with certain browsers
- Cleanup of code (making new functions)
- Cleanup of all template functions (deprecated certain functions)
- CSS3 style updates
- Major refactors to two pages: Support & Settings
- iOS features added so the administrative panel acts as an iPad web-app
- Basic admin panel theming introduced
- Multiple subfolder support in File Management
- Upgrade of jQuery, FancyBox, CKEditor and Uploadify
- Additional DEBUG information
- Filebrowser to browse server files/images from within CKEditor
- Ability to link to internal pages from within CKEditor
- Removed most CKEditor languages
Version 2.03.1
- Update to fix a vulnerability on logout.php
Version 2.03
- Sanitization of `$_SERVER` variables to prevent XSS attacks
- Additional "Submit" button on edit page. Delete link added
- Custom permalink structure option added in Settings
- Removal of 404 error reporting email option
- Ability to set CHMOD mode for saved xml files (issue)
- Force canonical redirects (issue)
- CKEditor: setting of baseURL and ability to set custom toolbar
- `get_page_excerpt()` template tag added
- And many other smaller fixes. Your best bet is to look here
There was no official 2.02 release.
Version 2.01
- Added Image Link to WYSIWYG toolbars
- Upgraded to CKEditor 3.1
- Fixed URL creation for nav, sitemap and menudata by centralizing around a function
- Special chars don't break site title anymore
- Added hash for extra login security
- Sanitized ID variable that is used on index.php
- Code in changedata.php added to verify it is being called from edit.php
- Added code in cron.php, zip.php and sitemap.php to make them more secure
- Ability to download web archive zip files fixed
- Components organized when there are more than 3 listed
- Added QSA to .htaccess file
- Misc changes to aid in first-time uploads & table pagination
- Removal of $uri variable in many pages. Replaced with $id
- `/admin/plugins` moved to `/plugins` (moved into root folder)
Version 2.0
- Added detailed image upload information for use in HTML
- Automatic & custom image thumbnail generation
- Upgraded Uploadify
- CKEditor replaces TinyMCE
- Plugin system added
- Enhanced login and upload security
- Optimized backend code
- Theme file XMLHttpRequest error fixed
- Meta Description added as a page option
- Components titles are now editable
- Many ajax & jQuery improvements
Version 1.71
- Critical fix for vulnerability fixed with file upload
- Fixed theme functions problem (Forum post)
Version 1.7
- `stripslashes()` needed to be called on all edit.php fields (only affected apostrophes)
- Default_Theme CSS/HTML fixes
- Auto-login done after successful installation
- Added cross-browser support for Control Panel
- Timeouts added to cURL requests
- Added PHP `header()` for 404 errors thanks to Brian
- Various language file updates & additions (thanks to the many contributors)
- `menu_data()` modification thanks to Mike
- Case-insensitive check for available PHP/Apache modules during installation
Version 1.6
- Smart Generation of .htaccess for subdomains
- Internationalization of control panel
- Total UTF-8 support for pages
- Smart install procedure that checks and suggests CHMOD settings
- Integrated Lighthouse ticket submission removed b/c of misuse
- Theme functions.php now included automatically
- Minor bug fixes
Version 1.5
- Encoding problems fixed in the Page Edit & Components screens - Issue
- Blank Install.php page fix
- Minor bug fixes
Version 1.4
- Install Loop fix by Derek
- Ticket Submission fix thanks to Derek
- Default Theme contact form fix thanks to David
- PHP now allowed in Components thanks to Mike
Version 1.3
- Fixes to the Contact Form
- More attempts to fix file & folder permission issues
Version 1.25
- CHMOD data folders upon install
- Minor bug fixes
Version 1.2
- Minor bug fixes
Version 1.1
- Minor bug fixes
Version 1.0
- First initial public release