GetSimple Support Forum

Full Version: GetSimpleCMS V3.3.5 released
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

  • FIX: #974 files does not show permissions on windows
  • FIX: #973 image.php dir traversal SECURITY
  • FIX: #972 log.php xss SECURITY
  • FIX: #971 prevent backend in frames x-frame policy SECURITY
  • FIX: #970 better cookie security SECURITY
  • FIX: #969 backup-edit traversal SECURITY
  • FIX: #966 Security vulns SECURITY
  • FIX: #965 corrupt page fatal error
  • FIX: #948 Fatal Error => zip-Backup
  • FIX: #945 placeholder confusion
  • FIX: #944 XML External Entity (XXE) Vulnerability in admin/api.php SECURITY
  • FIX: #979 some debug info when uploading image
  • FIX: #996 Reverse Proxy : url detection
Great! I am just testing it
Really good to know that GS stays secure.
These are all fairly minor btw, they are targeted attacks against authenticated users.
I'm getting a version check error after upgrading. The api url is working fine though (
what version did you upgrade from?
Did you flush cache and try again?
Did you check again after 12 minutes?

older versions of GS cached this forever, if your checks ever failed you would never know you just kept seeing the cache file forever, you just did not know it was failing, now you do.
Hi Shawn,

Can you make sure the Stable version with CKEditor patched to v4.3.2 also gets updated to 3.3.5? That version is currently still on 3.3.4.

Thanks man!
done, I forgot to move the tag, I will be bumping the cke version in a few days to 4.4.7
(2015-02-16, 00:53:07)shawn_a Wrote: [ rel="nofollow" -> ]done, I forgot to move the tag, I will be bumping the cke version in a few days to 4.4.7

Thanks man! I assume the new cke editor will definitely be integrated in GS v3.4?

Installing the Stable version with CKEditor patched for is a good stop-gap measure for IE11 users in the meantime but it would be good to have this fully IE compatible-version also be included in the Latest Stable Version.
I think I will release 3.3.6 with it, and offer a backport to 3.3 if it breaks anyones plugins.
Updated, and everything looks good.

Had a moment of slight panic when the page content editor disappeared. Just had to clear the browser cache... Smile
Yeah not sure why it does that, I might have to add version strings to the urls