pkgsrc-Changes archive


CVS commit: pkgsrc/www/php-concrete-cms



Module Name:    pkgsrc
Committed By:   taca
Date:           Mon Aug 11 16:14:33 UTC 2025

Modified Files:
        pkgsrc/www/php-concrete-cms: Makefile distinfo

Log Message:
www/php-concrete-cms: update to 9.4.3

9.4.3 (2025-08-05)

Behavioral Improvements

* Many block types that didn't properly report their file usage to the
  Dashboard File Details page now do so (thanks mlocati)

* RSS Feeds created and listed in the Dashboard now include a convenience
  link to view the contents of the feed (thanks Mesuva)

* Force download view_inline will no longer download a file if the file is
  not viewable inline, instead it will just return (thanks Allan-macareux)

* When comparing page versions, we will now sort the version IDs to ensure
  that you're always comparing old versions to new versions regardless of
  the order of query string arguments, and we'll also order the version IDs
  in the tab description more sensibly.

* You can now set the background of stack contents in the Dashboard to a
  temporary white or black (does not affect content or how it's rendered) in
  order to assist when working on content that differs from the Dashboard
  color scheme (thanks mlocati)

Bug Fixes

* Many bug fixes to the Concrete content import/export system (thanks
  mlocati)

* Fixed bug where Concrete proxy settings were not sending URLs that were
  https:// through the proxy (thanks hissy)

* Sites that registered a proxy server in the Dashboard will now use that
  proxy server when connecting to the marketplace for add-on downloads and
  updates (thanks hissy)

* When editing the frontend of a site on mobile, the pages icon in the
  toolbar was positioned incorrectly.  This is now fixed.

* Fixed error when assigning a new page attribute to multiple pages via Page
  Search (thanks danklassen)

* Fixed bug where Option List attributes that were defined through CIF XML
  on import or through custom code were not properly assigning to a page.

* Fixed error where leaving a comment larger than 255 characters on a page
  version would trigger a database error (thanks SashaMcr)

Developer Updates

* Massive improvements to block import and export, including the ability to
  import and export many block types that were not possible (Calendar,
  etc…) (thanks mlocati)

* Minor translation improvements (thanks mlocati)

* Certain ancient functions now marked as deprecated since PHP provides
  their functionality natively (thanks mlocati)

* We now dispatch the "on_add_canonical_page_path" when adding a canonical
  path (thanks biplobice)

* Fixed bug running the c5:ide-symbols console command under certain
  conditions (thanks mlocati)

Security Fixes

* Fixed CVE-2025-8571 Reflected XSS in Conversation Messages Dashboard Page
  by adding more sanitization to the Url::setVariable method with commit
  12643 for version 9 and commit 12646 for version 8.  The Concrete CMS
  security team gave this vulnerability a CVSS v.4.0 score of 4.8 with
  vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N.
  Unsanitized input could cause theft of session cookies or tokens,
  defacement of web content, redirection to malicious sites, and (if victim
  is an admin), the execution of unauthorized actions.  Thanks Fortbridge
  for performing a penetration test and vulnerability assessment on Concrete
  CMS and reporting this issue.

* Fixed CVE-2025-8573 Stored XSS from Home Folder on Members Dashboard page
  with commit 12643.  The Concrete CMS security team gave this vulnerability
  a CVSS v.4.0 score of 2.8 with vector
  CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N.  A rogue
  admin could set up a malicious folder containing XSS to which users could
  be directed upon login.  Version 8 is not affected.  Thanks sealldev for
  reporting HackerOne 3145536.

* Fixed inconsistent behavior when using the rich text editor.  Before the
  fix, users pasting HTML into the "content" pane of the rich text editor
  and saving the content resulted in HTML-escaped versions of the content.
  Note that re-saving it would then save it as HTML.


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/php-concrete-cms/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/www/php-concrete-cms/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/php-concrete-cms/Makefile
diff -u pkgsrc/www/php-concrete-cms/Makefile:1.11 pkgsrc/www/php-concrete-cms/Makefile:1.12
--- pkgsrc/www/php-concrete-cms/Makefile:1.11   Sat Jul 26 06:53:53 2025
+++ pkgsrc/www/php-concrete-cms/Makefile        Mon Aug 11 16:14:33 2025
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.11 2025/07/26 06:53:53 taca Exp $
+# $NetBSD: Makefile,v 1.12 2025/08/11 16:14:33 taca Exp $
 #
 
 DISTNAME=      concrete-cms-${GITHUB_RELEASE}
@@ -6,7 +6,7 @@ PKGNAME=        ${PHP_PKG_PREFIX}-${DISTNAME}
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=concretecms/}
 GITHUB_PROJECT=        concretecms
-GITHUB_RELEASE=        9.4.2
+GITHUB_RELEASE=        9.4.3
 EXTRACT_SUFX=  .zip
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
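
Review bot: the GITHUB_RELEASE bump from 9.4.2 to 9.4.3 pulls in the fixes for CVE-2025-8571 and CVE-2025-8573 listed in the log, yet the summary line reads only "update to 9.4.3". Suggest flagging the security content in the summary line so the commit is easy to pick out when deciding on a pullup to the stable branch.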

Index: pkgsrc/www/php-concrete-cms/distinfo
diff -u pkgsrc/www/php-concrete-cms/distinfo:1.9 pkgsrc/www/php-concrete-cms/distinfo:1.10
--- pkgsrc/www/php-concrete-cms/distinfo:1.9    Sat Jul 26 06:53:53 2025
+++ pkgsrc/www/php-concrete-cms/distinfo        Mon Aug 11 16:14:33 2025
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.9 2025/07/26 06:53:53 taca Exp $
+$NetBSD: distinfo,v 1.10 2025/08/11 16:14:33 taca Exp $
 
-BLAKE2s (concrete-cms-9.4.2.zip) = e0d1e5bf11cc8f8a306115dbe72167ec37957fdde512a662e140f9eed731545b
-SHA512 (concrete-cms-9.4.2.zip) = bb79500906262f36f2d133d3153eb3daee40eb08d369d0d9da26ccbcbe4fa11b18af579fbed7e9db4b4b332ce05c2b8ca8ad37e3d2662d1399c3b8b905f1033b
-Size (concrete-cms-9.4.2.zip) = 76758499 bytes
+BLAKE2s (concrete-cms-9.4.3.zip) = 08e3858fbeec6870e7f0aa5a01dadd48329d0c4056e31efb4066d89c5084780b
+SHA512 (concrete-cms-9.4.3.zip) = 3da96631c9eeef1b590c311856c9ea27dcc8060f876b0c4569654b74d5fc67777a360acde3b7322e9c0757e204e1d667092decd146452f7fb5fc517cc3819ffa
+Size (concrete-cms-9.4.3.zip) = 76770161 bytes
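
Review bot: the new BLAKE2s and SHA512 values for concrete-cms-9.4.3.zip cannot be checked from the patch itself, and since this release carries security fixes the archive is worth verifying independently. Suggest re-fetching the 9.4.3 zip from the MASTER_SITES location given in the Makefile on a second host, regenerating distinfo with make makesum, and confirming that both digests and the 76770161-byte size match (an 11662-byte increase over the 9.4.2 archive).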


