Detailed changelog and releases can be found on Github

Please see special notes on UPGRADING in the Wiki


Version 3.3.14 (2017-12-21)

  • #1243 upload ext not lowercase
  • #1224 CVE 2017-8081 SECURITY
  • #1223 php 7 deprecates char arrays

Version 3.3.13 (2016-10-11)

  • #1194 thumbnail creation Bug -oleg06

Version 3.3.12 (2016-09-18)

  • #1191 settings not showing permalink properly CRITICAL

Version 3.3.11 (2016-08-10)

  • #1177 Getsimple CMS <= 3.3.10 Arbitrary File Upload Vulnerability - s0nk3y
  • #1159 Built-in transliteration - cnb - dimayakovlev 
  • #1181 no default font color

Version 3.3.10 (2016-06-06)

  • #1147 settings password form fill annoyance
  • #1145 utf-8 all xml headers
  • #1144 FILTER_SANITIZE_FULL_SPECIAL_CHARS not supported php 5.2
  • #1143 Duplicate id #sitename on settings
  • #1120 Core Data Files can not be used as custom data storage Feature
  • #1149 disable chmods GSDOCHMOD
  • #1136 Preserve case in uploads define('GSUPLOADSLC',false)
  • #1155 ckeditor 4.5.9 ( fixes toolbar cache issue with 3.3.9 )
  • #1161 ckeditor plugins and disable autogrow

Version 3.3.9 (2016-04-20)

          Please see special notes on this release in the Wiki

  •  #1137 update ckeditor to latest (4.5.7), also adds codesnippet and autogrow cke plugins

Version 3.3.8 (2016-02-02)

  • #1130 theme.php persistent xss injection SECURITY
  • #1127 theme.php POST template persistent xss SECURITY
  • #1111 page delete never fails on error
  • #1103 Reflected XSS - Uploads section SECURITY
  • #1131 Function createBak in 3.3.x always return false

Version 3.3.7 (2015-08-23)

  • FIX #1077 upload protection breaks on apache 1.3
  • FIX #1074 Stored XSS in the USER profile SECURITY
  • FIX #1071 disabled select text color
  • FIX #1067 Persistant/Stored XSS while creating page and also in backups SECURITY
  • FIX #1065 uploadifybutton not themed
  • FIX #1078 plugin api checks can crash plugins.php added GSNOPLUGINCHECK
  • FIX #1081 x-frame can break stuff
  • NEW #1089 format xml files GSFORMATXML

Version 3.3.6 (2015-07-13)


  • FIX #1029 page save never fails
  • FIX #1028 gsnoframe applies to front end
  • FIX #1048 definition check issues
  • FIX #1043 install apache error is misleading
  • FIX #1049 cke sperators are not visible
  • FIX #1060 file upload security bypass, using whitelist and mime checking SECURITY
  • FIX #1059 filebrowser arbitrary js injection SECURITY
  • FIX #1058 thumb.php security bypass copy/move files SECURITY
  • FIX #1057 theme-edit directory traversal SECURITY
  • FIX #1050 Page 'Meta Description' contains Style/Script declarations
  • FIX #1046 Persistent XSS - GetSimpleCMS 3.3.5 SECURITY
  • FIX #1064 plugins table has no highlight
  • NEW #1032 upload execution protection
  • NEW #1042 new blacklist extensions
  • NEW #1044 ckeditor keep some empty tags
  • NEW #1051 strip shortcodes

Version 3.3.5 (2015-02-04)

  • FIX: #974 files does not show permissions on windows
  • FIX: #973 image.php dir traversal SECURITY
  • FIX: #972 log.php xss SECURITY
  • FIX: #971 prevent backend in frames x-frame policy SECURITY
  • FIX: #970 better cookie security SECURITY
  • FIX: #969 backup-edit traversal SECURITY
  • FIX: #966 Security vulns SECURITY
  • FIX: #965 corrupt page fatal error
  • FIX: #948 Fatal Error => zip-Backup
  • FIX: #945 placeholder confusion
  • FIX: #944 XML External Entity (XXE) Vulnerability in admin/api.php SECURITY
  • FIX: #979 some debug info when uploading image
  • FIX: #996 Reverse Proxy : url detection

Version 3.3.4 (2014-10-08)

  • FIX #904  new page nonindex existing-url notices
  • FIX #903  fix undo for create new page 
  • FIX #902  Missing argument 1 for getRegexUnicode() notices
  • FIX #929 admin panel sidebar on Safari, weird transition

Version 3.3.3 (2014-8-21) 

  • FIX #894 component slugs case sensitive -sarnaiz
  • FIX #891 Ckeditor toolbar newline issue -cnb
  • FIX #867 pages cache (pages.xml) not updated after UNDO operation, in page edition
  • FIX #866 GSSUPPRESSERRORS constant typo -flexphperia SUPRESSERRORS still works but is now deprecated
  • FIX #825 setup form still showing on install error
  • FIX #821 filetime uses ctime -lnickel
  • FIX #818 scrolltofixed assets -mvlcek
  • FIX #805 component xml corruption -emanwebdev
  • FIX #623 Only Https for Admin issues

Version 3.3.2 (2014-5-16)

  • FIX #806 fix broken wiki links, using /docs rewrites now
  • FIX #788 Update template.php validation issue -STudio26
  • FIX #797 numerous settings fields allow persistent xss
  • FIX #793 GSUSECUSTOMSALT changes
  • FIX #745 Formatted xml data files problems
  • FIX #784 pagecache contains url in duplicate
  • FIX #713 Slug matching root folder saveable -n00dles
  • FIX #765 unable to upload jpeg (genStdThumb) -flexphperia
  • FIX #728 no gd fatal errors -lnickel
  • FIX #764 simplexml missing check
  • FIX #771 upload filename cleaning @ -b3n
  • FIX #776 json toolbar not working
  • FIX #775 custom toolbar not working -Markus00000
  • FIX #524 no cache control
  • FIX #773 add exist checks on unlink tmp files
  • FIX #735 temp files are deleted
  • FIX #774 uploadify does not error out
  • FIX #772 file upload overwrite protection double encoding
  • FIX #695 permalink not trimmed
  • FIX #580 htaccess rewrite config
  • FIX #812 reset password username leakage -
  • NEW #344 reset password issues
  • NEW #790 get_Page_Excerpt refactor
  • NEW #711 sidebar links to components, focus component content
  • NEW #709 create component doesn't focus input
  • NEW #750 debugLog improvements, accepts arrays as argument
  • NEW #682 Compatibility with Apache v2.4
  • NEW #766 lang file loading protection
  • NEW #770 Make installs more simple
  • NEW #737 mb_internal_encoding not set
  • NEW #767 Remove Yahoo ping sitemap function DEPRECATED
  • NEW #653 header content-type utf-8
  • NEW #683 htaccess wrap rewrite

Version 3.3.1 (2014-2-11)

  • FIX #753 support plugins that modify cke globals
  • FIX #751 menu manager subsequent saves fail -apt
  • FIX #744 left in debugging
  • FIX #742 missing failedlogins.log issue


Version 3.3.0  (2014-1-28)

  • FIX #310 caching hooks unusable
  • FIX #363 Sitemap hooks broken, New filter added
  • FIX #466 Session expire redirects do not resume
  • FIX #512 Install password not showing
  • FIX #531 slug prefixed with dash if page title begins with a space
  • FIX #576 anonymous data plugin sidemenu
  • FIX #603 Edit / Pages not using page cache
  • FIX #608 Install emails not received
  • FIX #614 Curl init not being checked
  • FIX #615 failure log corruption utf-8 cyrillic usernames
  • FIX #617 backup-edit ckeditor config entities
  • FIX #625 Long Site names overflow login form
  • FIX #626 $EDOPTIONS comma safe
  • FIX #631 cke globals are not actually global
  • FIX #633 i18n_r called before lang loaded
  • FIX #646 health check xml invalid if empty
  • FIX #647 Logins broken by php notice/warnings
  • FIX #648 Login cookie set twice
  • FIX #661 admin styles are cached and old after upgrades
  • FIX #667 Mail warning on install, breaks cookies
  • FIX #673 ajax redirects not handled
  • FIX #710 Plugins not sorted
  • FIX #718 cannot redeclare in upload.php
  • FIX #721 ck-editor IE10 fatal errors
  • FIX #734 plugins updated js messages not translated
  • FIX #686 setup shows the form again if there is a mail error
  • NEW #469 Always show component tags
  • NEW #562 i18n fallback default language
  • NEW #589 cutting edge and betas
  • NEW #605 Dynamic css classes in menus
  • NEW #609 Missing page cache implementations
  • NEW #637 detect api timeouts for error handling
  • NEW #641 better health check for disabled functions
  • NEW #642 Better textarea tab spacing
  • NEW #651 additional health check info
  • NEW #653 header content-type utf-8
  • NEW #659 Increase cookie timeout
  • NEW #664 update.php issues
  • NEW #668 add page cache filter
  • NEW #669 add sitemap filter
  • NEW #674 cannot update or install from root
  • NEW #688 lazy loading pagecache in caching functions -cnb
  • NEW #711 component input focus on side nav -cnb
  • NEW #705 phantom / invisible slugs
  • NEW #712 add editor link filter
  • NEW #722 ckeditor upgraded to 3.6.6


Version 3.2.3 (2013-08-24)

  • FIX: $EDOPTIONS gets a , prefixed to it breaking plugins cke

Version 3.2.2 (2013-08-08)

  • NEW: refactor plugins checking, plugins are only scanned on plugins page now
  • NEW: Persistent plugin api calls on backend, now confined to plugins page only
  • NEW: Replaced memory_limit -1 with 100M in thumb.php
  • NEW: javascript injection filtering on pages display
  • NEW: enabled auto saving to live pages for general testing
  • NEW: File upload whitelists advanced config
  • NEW: Remove branding from public admin pages
  • NEW: Added github link on support page
  • NEW: Improved ckeditor options and toolbar config capability
  • NEW: Hide innovation settings if theme is not innovation
  • NEW: Added google+, many others, to innovation theme social
  • NEW: Added css classes for widesec and wideopt
  • NEW: Switching Themes shows preview image now
  • NEW: CKEditor dataformatter behavior, breakbefore and indentation formatting changes
  • NEW: Remove back end assets from public front end auth pages
  • NEW: Auto meta descriptions no longer default, added GSAUTOMETAD
  • NEW: Remove meta generator
  • FIX: get_api_details fails, added debug handlers and improved detection and fallbacks
  • FIX: Fix cdns to fallback to local
  • FIX: Codemirror theme editor broken when Admin folder changed
  • FIX: CSRF Detected
  • FIX: Thumbnails not created

Version 3.2.1 (2013-04-25)

  • restored missing version in admin footer
  • health check plugins.xml chmod check 644 writable          
  • Some javascript i18n translations missing
  • removed extra install.php from core
  • fixed missing undo link for page deletions
  • Default index.xml date was sep 2009, is now install date upon install
  • slug creation problems on servers with no mb extension
  • page options parent is blank, display no parent now
  • attempt to fix 3.0 upgrade issues, missing cache folder issue
  • Identify page on edit titlebar and footer
  • SECURITY: Settings $LANG persistent xss injection.
  • SECURITY: xss vulns in backupedit, filebrowser, error_checking, edit
  • SECURITY: ajax.php dir traversal
  • SECURITY: ununsed antixss typo
  • SECURITY: Data leakage via traversal inclusion on frontend
  • SECURITY: removed loadtab.php, arbitrary code execution

Version 3.2.0 (2013-02-11)

  • Added Flush Cache link to settings to clear all caches
  • Sorted list now sort using natural sort, fixes file01,file10,file2
  • New plugin toggle handling, and speed improvements.
  • Generate missing thumbnails preview visits, useful for ftped files
  • Style changes to CkEditor, all editors should inherit GS styles now, some border fixes
  • Codemirror style changes, better programming fonts, lineheight, alignments fixes
  • Removed image link borders in emails
  • Added utf-8 meta to cardinal theme
  • Menu items now contain class "active" in addition to current, more standardized for frameworks.
  • GS css compression fixes
  • Added Fluid Fullwidth admin style via `define('GSSTYLE',GSSTYLEWIDE)`
  • Debug Mode Link now points to wiki debugging section
  • JQuery-ui is now loaded on all backend pages, not just when used
  • Profile settings now contain field for setting a display name for the user.
  • Plugins that need update are now styled more visibly'
  • Plugin tabs and sidemenus contain classes to style them, plugin_tab and plugin_sb respectively


  • admin css definitions moved from `style.php` to `css.php` include, problematic if users changed style.php
  • GS used to force php error suppression, GS will no longer do this unless `SUPPRESSERRORS` is set.
  • Plugins are no longer activated automatically upon installation

New config directives

  • GSNOVERCHECK - Disable persistant header version checking
  • GSTIMEZONE - Timezone string for server default timezone
  • GSNOSITEMAP - Disable sitemap generation
  • GSSTYLE - Set an alternative style, eg. GSSTYLEWIDE
  • GSDEBUGINSTALL - Debugging, Prevent removal of install files for debugging installs
  • SUPPRESSERRORS - reproduce previous GS behavior ragarding php error supression


  • Fix for failed login ip whois lookup
  • File manager / upload issues, IE fixes etc.
  • Fix for various file traversal exploits on authenticated users
  • filebrowser, uploads, downloads, deletefile, themeedit
  • executing php functions from url, Deprecated ajax.php
  • Hidden templates showing up eg. `.filename`
  • bad API results get returned and not filtered
  • Components with empty content are removed
  • Uploads column headers in debug mode swapped
  • Cannot set user timezone if strict php mode, corrupt nonces
  • Mysterious broken logins issue
  • Creating page without a title deletes the content
  • Child page can set self as parent
  • Changing name of component doesn't focus the input
  • Site name encoding in backend and frontend
  • XSS on archive.php
  • Archive Backups not working on Windows hosts
  • Fix $kill notices on install.php
  • Fix for multiple plugin read xml
  • Plugins should not be automatically enabled
  • Remove GS version number from admin login
  • autosave using milliseconds not seconds for timing
  • theme editor missing wrapper
  • Health Check version is missing when upgrade available
  • Upload throwing a get 404 error asset load
  • Auto Save saves slug changes as they occur if set too fast.
  • Version check in javascript

Version 3.1.2 (2013-06-28)

  • Fixed a minor filebrowser issue (problems when using subfolders & multiple files). Not critical

Version 3.1.1

  • Sitemap generation fix
  • Pages cache fix
  • Plugins cache fix
  • Better theme editor file detection
  • Better detection of an empty slug or page title upon page save
  • Thumbnail creation in subfolders fix
  • Menumager updates
  • Better detection of an empty slug or page title upon page save
  • New error loggin class
  • Debuglog fixes
  • Added new GSCONFIG option GSNOHIGHLIGHT to enable/disable highlighting in theme editor
  • Lots of tidy up of code.

Version 3.1

  • Automatic generation of sitemap when changes occur (create,delete pages/settings)
  • Better notification when GetSimple core needs updating
  • Notification when plugins are out of date via Extend API
  • Ability to "clone" a page
  • Breadcrumbs removed from <h1> in admin panel
  • Theme editor has syntax highlighting and is now full-screen
  • Theme editor allows you to edit any file within the /theme/ folder
  • CAPS LOCK detection for password fields
  • Login page hooks now working again
  • Can "undo" a page slug change
  • When ZipArchive is not available, website backup creates a tar.gz file
  • All delete/enable/disable functions have been ajax-ified
  • If there is only one language installed, it is the default language. No longer is en_US hardcoded as default.
  • Login cookie is now Sitewide-enabled by default
  • MIME type validation of files that are uploaded, also restricts certain upload file extentions (php, sh, js, html)
  • Removed jQuery plugin quick-paginate
  • Upgraded jQuery to 1.7 via Google CDN; GS jQuery refactoring/cleaned code
  • You can now view a "private" page if you are logged in
  • Innovation plugin is i18n language compatible
  • Drag and drop menu management
  • The GetSimple API was created
  • The core now supports the HTTPS protocol
  • Ability to turn off CSRF protection in gsconfig.php
  • Page autosave feature added (disabled by default) 
  • Admin panel theme bug fixed
  • Can force template files to be ignored in page editor with .inc.php
  • Mike's "page caching" plugin is included in the core for faster reading of XML files

Version 3.0

  • Change of login to be multi-user compatible - Meaning XML files are being migrated by update.php
  • Control panel width increased from 900px to 960px
  • Can enable/disable plugins
  • A new default theme utilizing HTML5 & CSS3
  • Conversion of all i18n calls to a new function
  • GS now cleans up image names when they are uploaded (removing invalid chars & spaces)
  • Fix of PHPFILE_INFO to be backwards compatible with PHP < 5.2
  • gpc magic quotes fixes
  • Languages can now be used on first setup screen
  • /admin/ path can be changed with gsconfig.php
  • All code documentation changed to PHPDoc style
  • Archive zip changed to native PHP function
  • Ability to have more than one level in the main navigation
  • 404 header fix
  • Image cropping ctrl or cmd keyboard changed to stop conflict with certain browsers
  • Cleanup of code (making new functions)
  • Cleanup of all template functions (depreciated certain functions)
  • CSS3 style updates
  • Major refactors to two pages: Support & Settings
  • iOS features added so the administrative panel acts as a iPad web-app
  • Basic admin panel theming introduced
  • Multiple subfolder support in File Management
  • Upgrade of jQuery, FancyBox, CKEditor and Uploadify
  • Additional DEBUG information
  • Filebrowser to browser server files/images from within CKEditor
  • Ability to link to internal pages from within CKEditor
  • Removed most CKEditor languages

Version 2.03.1

  • Update to fix a vulnerability on logout.php

Version 2.03

  • Sanitization of $_SERVER variables to prevent XSS attacks
  • Additional "Submit" button on edit page. Delete link added
  • Custom permalink structure option added in Settings
  • Removal of 404 error reporting email option
  • Ability to set CHMOD mode for saved xml files (issue)
  • Force canonical redirects (issue)
  • CKEditor: setting of baseURL and ability to set custom toolbar
  • get_page_excerpt() template tag added
  • And many other smaller fixes. Your best bet is to look here

There was no official 2.02 release.

Version 2.01

  • Added Image Link to WYSIWYG toolbars
  • Upgraded to CKEditor 3.1
  • Fixed URL creation for nav, sitemap and menudata by centralizing around a function
  • Special chars don't break site title anymore
  • Added hash for extra login security
  • Sanitized ID variable that is used on index.php
  • Code in changedata.php added to verify it is being called from edit.php
  • Added code in cron.php, zip.php and sitemap.php to make them more secure
  • Ability to download web archive zip files fixed
  • Components organized when there are more than 3 listed
  • Added QSA to .htaccess file
  • Misc changes to aid in first-time uploads & table pagination
  • Removal of $uri variable in many pages. Replaced with $id
  • /admin/plugins moved to /plugins (moved into root folder)

Version 2.0

  • Added detailed image upload information for use in HTML
  • Automatic & custom image thumbnail generation
  • Upgraded Uploadify
  • CKEditor replaces TinyMCE
  • Plugin system added
  • Enhanced login and upload security
  • Optimized backend code
  • Theme file XMLHttpRequest error fixed
  • Meta Description added as a page option
  • Components titles are now editable
  • Many ajax & jQuery improvements

Version 1.71

  • Critical fix for vulnerability fixed with file upload
  • Fixed theme functions problem (Forum post)

Version 1.7

  • stripslashes() needed to be called on all edit.php fields (only effected apostrophes)
  • Default_Theme CSS/HTML fixes
  • Auto-login done after successful installation
  • Added cross-browser support for Control Panel
  • Timeouts added to cURL requests
  • Added PHP header() for 404 errors thanks to Brian
  • Various language file updates & additions (thanks to the many contributors)
  • menu_data() modification thanks to Mike
  • Case-insensitive check for available PHP/Apache modules during installation

Version 1.6

  • Smart Generation of .htaccess for subdomains
  • Internationalization of control panel
  • Total UTF-8 support for pages
  • Smart install procedure that checks and suggests CHMOD settings
  • Integrated Lighthouse ticket submission removed b/c of misuse
  • Theme functions.php now included automatically
  • Minor bug fixes

Version 1.5

  • Encoding problems fixed in the Page Edit & Components screens - Issue
  • Blank Install.php page fix
  • Minor bug fixes

Version 1.4

  • Install Loop fix by Derek
  • Ticket Submission fix thanks to Derek
  • Default Theme contact form fix thanks to David
  • PHP now allowed in Components thanks to Mike

Version 1.3

  • Fixes to the Contact Form
  • More attempts to fix file & folder permission issues

Version 1.25

  • CHMOD data folders upon install
  • Minor bug fixes

Version 1.2

  • Minor bug fixes

Version 1.1

  • Minor bug fixes

Version 1.0

  • First initial public release