Please see special notes on UPGRADING in the Wiki

Download Files are HERE


Latest Version Release Notes


Detailed changelog and releases can be found on Github

Releases may be available on github before they appear here.



Old Versions

Version 3.3.15 (2018-9-21)

  • #1238 debug_backtrace() was changed in PHP 7 (OPTIONAL WITH GSBTFIX) now

Version 3.3.14 (2018-09-01)

  • #1243 upload ext not lowercase
  • #1224 CVE 2017-8081 SECURITY
  • #1223 php 7 deprecates char arrays

  • #1238 1238 debug_backtrace() was changed in PHP 7

Version 3.3.13 (2016-10-11)

  • #1194 thumbnail creation Bug -oleg06

Version 3.3.12 (2016-09-18)

  • #1191 settings not showing permalink properly CRITICAL

Version 3.3.11 (2016-08-10)

  • #1177 Getsimple CMS <= 3.3.10 Arbitrary File Upload Vulnerability - s0nk3y
  • #1159 Built-in transliteration - cnb - dimayakovlev 
  • #1181 no default font color

Version 3.3.10 (2016-06-06)

  • #1147 settings password form fill annoyance
  • #1145 utf-8 all xml headers
  • #1144 FILTER_SANITIZE_FULL_SPECIAL_CHARS not supported php 5.2
  • #1143 Duplicate id #sitename on settings
  • #1120 Core Data Files can not be used as custom data storage Feature
  • #1149 disable chmods GSDOCHMOD
  • #1136 Preserve case in uploads define('GSUPLOADSLC',false)
  • #1155 ckeditor 4.5.9 ( fixes toolbar cache issue with 3.3.9 )
  • #1161 ckeditor plugins and disable autogrow

Version 3.3.9 (2016-04-20)

          Please see special notes on this release in the Wiki

  •  #1137 update ckeditor to latest (4.5.7), also adds codesnippet and autogrow cke plugins

Version 3.3.8 (2016-02-02)

  • #1130 theme.php persistent xss injection SECURITY
  • #1127 theme.php POST template persistent xss SECURITY
  • #1111 page delete never fails on error
  • #1103 Reflected XSS - Uploads section SECURITY
  • #1131 Function createBak in 3.3.x always return false

Version 3.3.7 (2015-08-23)

  • FIX #1077 upload protection breaks on apache 1.3
  • FIX #1074 Stored XSS in the USER profile SECURITY
  • FIX #1071 disabled select text color
  • FIX #1067 Persistant/Stored XSS while creating page and also in backups SECURITY
  • FIX #1065 uploadifybutton not themed
  • FIX #1078 plugin api checks can crash plugins.php added GSNOPLUGINCHECK
  • FIX #1081 x-frame can break stuff
  • NEW #1089 format xml files GSFORMATXML

Version 3.3.6 (2015-07-13)


  • FIX #1029 page save never fails
  • FIX #1028 gsnoframe applies to front end
  • FIX #1048 definition check issues
  • FIX #1043 install apache error is misleading
  • FIX #1049 cke sperators are not visible
  • FIX #1060 file upload security bypass, using whitelist and mime checking SECURITY
  • FIX #1059 filebrowser arbitrary js injection SECURITY
  • FIX #1058 thumb.php security bypass copy/move files SECURITY
  • FIX #1057 theme-edit directory traversal SECURITY
  • FIX #1050 Page 'Meta Description' contains Style/Script declarations
  • FIX #1046 Persistent XSS - GetSimpleCMS 3.3.5 SECURITY
  • FIX #1064 plugins table has no highlight
  • NEW #1032 upload execution protection
  • NEW #1042 new blacklist extensions
  • NEW #1044 ckeditor keep some empty tags
  • NEW #1051 strip shortcodes

Version 3.3.5 (2015-02-04)

  • FIX: #974 files does not show permissions on windows
  • FIX: #973 image.php dir traversal SECURITY
  • FIX: #972 log.php xss SECURITY
  • FIX: #971 prevent backend in frames x-frame policy SECURITY
  • FIX: #970 better cookie security SECURITY
  • FIX: #969 backup-edit traversal SECURITY
  • FIX: #966 Security vulns SECURITY
  • FIX: #965 corrupt page fatal error
  • FIX: #948 Fatal Error => zip-Backup
  • FIX: #945 placeholder confusion
  • FIX: #944 XML External Entity (XXE) Vulnerability in admin/api.php SECURITY
  • FIX: #979 some debug info when uploading image
  • FIX: #996 Reverse Proxy : url detection

Version 3.3.4 (2014-10-08)

  • FIX #904  new page nonindex existing-url notices
  • FIX #903  fix undo for create new page 
  • FIX #902  Missing argument 1 for getRegexUnicode() notices
  • FIX #929 admin panel sidebar on Safari, weird transition

Version 3.3.3 (2014-8-21) 

  • FIX #894 component slugs case sensitive -sarnaiz
  • FIX #891 Ckeditor toolbar newline issue -cnb
  • FIX #867 pages cache (pages.xml) not updated after UNDO operation, in page edition
  • FIX #866 GSSUPPRESSERRORS constant typo -flexphperia SUPRESSERRORS still works but is now deprecated
  • FIX #825 setup form still showing on install error
  • FIX #821 filetime uses ctime -lnickel
  • FIX #818 scrolltofixed assets -mvlcek
  • FIX #805 component xml corruption -emanwebdev
  • FIX #623 Only Https for Admin issues

Version 3.3.2 (2014-5-16)

  • FIX #806 fix broken wiki links, using /docs rewrites now
  • FIX #788 Update template.php validation issue -STudio26
  • FIX #797 numerous settings fields allow persistent xss
  • FIX #793 GSUSECUSTOMSALT changes
  • FIX #745 Formatted xml data files problems
  • FIX #784 pagecache contains url in duplicate
  • FIX #713 Slug matching root folder saveable -n00dles
  • FIX #765 unable to upload jpeg (genStdThumb) -flexphperia
  • FIX #728 no gd fatal errors -lnickel
  • FIX #764 simplexml missing check
  • FIX #771 upload filename cleaning @ -b3n
  • FIX #776 json toolbar not working
  • FIX #775 custom toolbar not working -Markus00000
  • FIX #524 no cache control
  • FIX #773 add exist checks on unlink tmp files
  • FIX #735 temp files are deleted
  • FIX #774 uploadify does not error out
  • FIX #772 file upload overwrite protection double encoding
  • FIX #695 permalink not trimmed
  • FIX #580 htaccess rewrite config
  • FIX #812 reset password username leakage -
  • NEW #344 reset password issues
  • NEW #790 get_Page_Excerpt refactor
  • NEW #711 sidebar links to components, focus component content
  • NEW #709 create component doesn't focus input
  • NEW #750 debugLog improvements, accepts arrays as argument
  • NEW #682 Compatibility with Apache v2.4
  • NEW #766 lang file loading protection
  • NEW #770 Make installs more simple
  • NEW #737 mb_internal_encoding not set
  • NEW #767 Remove Yahoo ping sitemap function DEPRECATED
  • NEW #653 header content-type utf-8
  • NEW #683 htaccess wrap rewrite

Version 3.3.1 (2014-2-11)

  • FIX #753 support plugins that modify cke globals
  • FIX #751 menu manager subsequent saves fail -apt
  • FIX #744 left in debugging
  • FIX #742 missing failedlogins.log issue


Version 3.3.0  (2014-1-28)

  • FIX #310 caching hooks unusable
  • FIX #363 Sitemap hooks broken, New filter added
  • FIX #466 Session expire redirects do not resume
  • FIX #512 Install password not showing
  • FIX #531 slug prefixed with dash if page title begins with a space
  • FIX #576 anonymous data plugin sidemenu
  • FIX #603 Edit / Pages not using page cache
  • FIX #608 Install emails not received
  • FIX #614 Curl init not being checked
  • FIX #615 failure log corruption utf-8 cyrillic usernames
  • FIX #617 backup-edit ckeditor config entities
  • FIX #625 Long Site names overflow login form
  • FIX #626 $EDOPTIONS comma safe
  • FIX #631 cke globals are not actually global
  • FIX #633 i18n_r called before lang loaded
  • FIX #646 health check xml invalid if empty
  • FIX #647 Logins broken by php notice/warnings
  • FIX #648 Login cookie set twice
  • FIX #661 admin styles are cached and old after upgrades
  • FIX #667 Mail warning on install, breaks cookies
  • FIX #673 ajax redirects not handled
  • FIX #710 Plugins not sorted
  • FIX #718 cannot redeclare in upload.php
  • FIX #721 ck-editor IE10 fatal errors
  • FIX #734 plugins updated js messages not translated
  • FIX #686 setup shows the form again if there is a mail error
  • NEW #469 Always show component tags
  • NEW #562 i18n fallback default language
  • NEW #589 cutting edge and betas
  • NEW #605 Dynamic css classes in menus
  • NEW #609 Missing page cache implementations
  • NEW #637 detect api timeouts for error handling
  • NEW #641 better health check for disabled functions
  • NEW #642 Better textarea tab spacing
  • NEW #651 additional health check info
  • NEW #653 header content-type utf-8
  • NEW #659 Increase cookie timeout
  • NEW #664 update.php issues
  • NEW #668 add page cache filter
  • NEW #669 add sitemap filter
  • NEW #674 cannot update or install from root
  • NEW #688 lazy loading pagecache in caching functions -cnb
  • NEW #711 component input focus on side nav -cnb
  • NEW #705 phantom / invisible slugs
  • NEW #712 add editor link filter
  • NEW #722 ckeditor upgraded to 3.6.6


Version 3.2.3 (2013-08-24)

  • FIX: $EDOPTIONS gets a , prefixed to it breaking plugins cke

Version 3.2.2 (2013-08-08)

  • NEW: refactor plugins checking, plugins are only scanned on plugins page now
  • NEW: Persistent plugin api calls on backend, now confined to plugins page only
  • NEW: Replaced memory_limit -1 with 100M in thumb.php
  • NEW: javascript injection filtering on pages display
  • NEW: enabled auto saving to live pages for general testing
  • NEW: File upload whitelists advanced config
  • NEW: Remove branding from public admin pages
  • NEW: Added github link on support page
  • NEW: Improved ckeditor options and toolbar config capability
  • NEW: Hide innovation settings if theme is not innovation
  • NEW: Added google+, many others, to innovation theme social
  • NEW: Added css classes for widesec and wideopt
  • NEW: Switching Themes shows preview image now
  • NEW: CKEditor dataformatter behavior, breakbefore and indentation formatting changes
  • NEW: Remove back end assets from public front end auth pages
  • NEW: Auto meta descriptions no longer default, added GSAUTOMETAD
  • NEW: Remove meta generator
  • FIX: get_api_details fails, added debug handlers and improved detection and fallbacks
  • FIX: Fix cdns to fallback to local
  • FIX: Codemirror theme editor broken when Admin folder changed
  • FIX: CSRF Detected
  • FIX: Thumbnails not created

Version 3.2.1 (2013-04-25)

  • restored missing version in admin footer
  • health check plugins.xml chmod check 644 writable          
  • Some javascript i18n translations missing
  • removed extra install.php from core
  • fixed missing undo link for page deletions
  • Default index.xml date was sep 2009, is now install date upon install
  • slug creation problems on servers with no mb extension
  • page options parent is blank, display no parent now
  • attempt to fix 3.0 upgrade issues, missing cache folder issue
  • Identify page on edit titlebar and footer
  • SECURITY: Settings $LANG persistent xss injection.
  • SECURITY: xss vulns in backupedit, filebrowser, error_checking, edit
  • SECURITY: ajax.php dir traversal
  • SECURITY: ununsed antixss typo
  • SECURITY: Data leakage via traversal inclusion on frontend
  • SECURITY: removed loadtab.php, arbitrary code execution

Version 3.2.0 (2013-02-11)

  • Added Flush Cache link to settings to clear all caches
  • Sorted list now sort using natural sort, fixes file01,file10,file2
  • New plugin toggle handling, and speed improvements.
  • Generate missing thumbnails preview visits, useful for ftped files
  • Style changes to CkEditor, all editors should inherit GS styles now, some border fixes
  • Codemirror style changes, better programming fonts, lineheight, alignments fixes
  • Removed image link borders in emails
  • Added utf-8 meta to cardinal theme
  • Menu items now contain class "active" in addition to current, more standardized for frameworks.
  • GS css compression fixes
  • Added Fluid Fullwidth admin style via `define('GSSTYLE',GSSTYLEWIDE)`
  • Debug Mode Link now points to wiki debugging section
  • JQuery-ui is now loaded on all backend pages, not just when used
  • Profile settings now contain field for setting a display name for the user.
  • Plugins that need update are now styled more visibly'
  • Plugin tabs and sidemenus contain classes to style them, plugin_tab and plugin_sb respectively


  • admin css definitions moved from `style.php` to `css.php` include, problematic if users changed style.php
  • GS used to force php error suppression, GS will no longer do this unless `SUPPRESSERRORS` is set.
  • Plugins are no longer activated automatically upon installation

New config directives

  • GSNOVERCHECK - Disable persistant header version checking
  • GSTIMEZONE - Timezone string for server default timezone
  • GSNOSITEMAP - Disable sitemap generation
  • GSSTYLE - Set an alternative style, eg. GSSTYLEWIDE
  • GSDEBUGINSTALL - Debugging, Prevent removal of install files for debugging installs
  • SUPPRESSERRORS - reproduce previous GS behavior ragarding php error supression


  • Fix for failed login ip whois lookup
  • File manager / upload issues, IE fixes etc.
  • Fix for various file traversal exploits on authenticated users
  • filebrowser, uploads, downloads, deletefile, themeedit
  • executing php functions from url, Deprecated ajax.php
  • Hidden templates showing up eg. `.filename`
  • bad API results get returned and not filtered
  • Components with empty content are removed
  • Uploads column headers in debug mode swapped
  • Cannot set user timezone if strict php mode, corrupt nonces
  • Mysterious broken logins issue
  • Creating page without a title deletes the content
  • Child page can set self as parent
  • Changing name of component doesn't focus the input
  • Site name encoding in backend and frontend
  • XSS on archive.php
  • Archive Backups not working on Windows hosts
  • Fix $kill notices on install.php
  • Fix for multiple plugin read xml
  • Plugins should not be automatically enabled
  • Remove GS version number from admin login
  • autosave using milliseconds not seconds for timing
  • theme editor missing wrapper
  • Health Check version is missing when upgrade available
  • Upload throwing a get 404 error asset load
  • Auto Save saves slug changes as they occur if set too fast.
  • Version check in javascript

Version 3.1.2 (2013-06-28)

  • Fixed a minor filebrowser issue (problems when using subfolders & multiple files). Not critical

Version 3.1.1

  • Sitemap generation fix
  • Pages cache fix
  • Plugins cache fix
  • Better theme editor file detection
  • Better detection of an empty slug or page title upon page save
  • Thumbnail creation in subfolders fix
  • Menumager updates
  • Better detection of an empty slug or page title upon page save
  • New error loggin class
  • Debuglog fixes
  • Added new GSCONFIG option GSNOHIGHLIGHT to enable/disable highlighting in theme editor
  • Lots of tidy up of code.

Version 3.1

  • Automatic generation of sitemap when changes occur (create,delete pages/settings)
  • Better notification when GetSimple core needs updating
  • Notification when plugins are out of date via Extend API
  • Ability to "clone" a page
  • Breadcrumbs removed from <h1> in admin panel
  • Theme editor has syntax highlighting and is now full-screen
  • Theme editor allows you to edit any file within the /theme/ folder
  • CAPS LOCK detection for password fields
  • Login page hooks now working again
  • Can "undo" a page slug change
  • When ZipArchive is not available, website backup creates a tar.gz file
  • All delete/enable/disable functions have been ajax-ified
  • If there is only one language installed, it is the default language. No longer is en_US hardcoded as default.
  • Login cookie is now Sitewide-enabled by default
  • MIME type validation of files that are uploaded, also restricts certain upload file extentions (php, sh, js, html)
  • Removed jQuery plugin quick-paginate
  • Upgraded jQuery to 1.7 via Google CDN; GS jQuery refactoring/cleaned code
  • You can now view a "private" page if you are logged in
  • Innovation plugin is i18n language compatible
  • Drag and drop menu management
  • The GetSimple API was created
  • The core now supports the HTTPS protocol
  • Ability to turn off CSRF protection in gsconfig.php
  • Page autosave feature added (disabled by default) 
  • Admin panel theme bug fixed
  • Can force template files to be ignored in page editor with .inc.php
  • Mike's "page caching" plugin is included in the core for faster reading of XML files

Version 3.0

  • Change of login to be multi-user compatible - Meaning XML files are being migrated by update.php
  • Control panel width increased from 900px to 960px
  • Can enable/disable plugins
  • A new default theme utilizing HTML5 & CSS3
  • Conversion of all i18n calls to a new function
  • GS now cleans up image names when they are uploaded (removing invalid chars & spaces)
  • Fix of PHPFILE_INFO to be backwards compatible with PHP < 5.2
  • gpc magic quotes fixes
  • Languages can now be used on first setup screen
  • /admin/ path can be changed with gsconfig.php
  • All code documentation changed to PHPDoc style
  • Archive zip changed to native PHP function
  • Ability to have more than one level in the main navigation
  • 404 header fix
  • Image cropping ctrl or cmd keyboard changed to stop conflict with certain browsers
  • Cleanup of code (making new functions)
  • Cleanup of all template functions (depreciated certain functions)
  • CSS3 style updates
  • Major refactors to two pages: Support & Settings
  • iOS features added so the administrative panel acts as a iPad web-app
  • Basic admin panel theming introduced
  • Multiple subfolder support in File Management
  • Upgrade of jQuery, FancyBox, CKEditor and Uploadify
  • Additional DEBUG information
  • Filebrowser to browser server files/images from within CKEditor
  • Ability to link to internal pages from within CKEditor
  • Removed most CKEditor languages

Version 2.03.1

  • Update to fix a vulnerability on logout.php

Version 2.03

  • Sanitization of $_SERVER variables to prevent XSS attacks
  • Additional "Submit" button on edit page. Delete link added
  • Custom permalink structure option added in Settings
  • Removal of 404 error reporting email option
  • Ability to set CHMOD mode for saved xml files (issue)
  • Force canonical redirects (issue)
  • CKEditor: setting of baseURL and ability to set custom toolbar
  • get_page_excerpt() template tag added
  • And many other smaller fixes. Your best bet is to look here

There was no official 2.02 release.

Version 2.01

  • Added Image Link to WYSIWYG toolbars
  • Upgraded to CKEditor 3.1
  • Fixed URL creation for nav, sitemap and menudata by centralizing around a function
  • Special chars don't break site title anymore
  • Added hash for extra login security
  • Sanitized ID variable that is used on index.php
  • Code in changedata.php added to verify it is being called from edit.php
  • Added code in cron.php, zip.php and sitemap.php to make them more secure
  • Ability to download web archive zip files fixed
  • Components organized when there are more than 3 listed
  • Added QSA to .htaccess file
  • Misc changes to aid in first-time uploads & table pagination
  • Removal of $uri variable in many pages. Replaced with $id
  • /admin/plugins moved to /plugins (moved into root folder)

Version 2.0

  • Added detailed image upload information for use in HTML
  • Automatic & custom image thumbnail generation
  • Upgraded Uploadify
  • CKEditor replaces TinyMCE
  • Plugin system added
  • Enhanced login and upload security
  • Optimized backend code
  • Theme file XMLHttpRequest error fixed
  • Meta Description added as a page option
  • Components titles are now editable
  • Many ajax & jQuery improvements

Version 1.71

  • Critical fix for vulnerability fixed with file upload
  • Fixed theme functions problem (Forum post)

Version 1.7

  • stripslashes() needed to be called on all edit.php fields (only effected apostrophes)
  • Default_Theme CSS/HTML fixes
  • Auto-login done after successful installation
  • Added cross-browser support for Control Panel
  • Timeouts added to cURL requests
  • Added PHP header() for 404 errors thanks to Brian
  • Various language file updates & additions (thanks to the many contributors)
  • menu_data() modification thanks to Mike
  • Case-insensitive check for available PHP/Apache modules during installation

Version 1.6

  • Smart Generation of .htaccess for subdomains
  • Internationalization of control panel
  • Total UTF-8 support for pages
  • Smart install procedure that checks and suggests CHMOD settings
  • Integrated Lighthouse ticket submission removed b/c of misuse
  • Theme functions.php now included automatically
  • Minor bug fixes

Version 1.5

  • Encoding problems fixed in the Page Edit & Components screens - Issue
  • Blank Install.php page fix
  • Minor bug fixes

Version 1.4

  • Install Loop fix by Derek
  • Ticket Submission fix thanks to Derek
  • Default Theme contact form fix thanks to David
  • PHP now allowed in Components thanks to Mike

Version 1.3

  • Fixes to the Contact Form
  • More attempts to fix file & folder permission issues

Version 1.25

  • CHMOD data folders upon install
  • Minor bug fixes

Version 1.2

  • Minor bug fixes

Version 1.1

  • Minor bug fixes

Version 1.0

  • First initial public release