PivotX 2.2.3 released.

By Bob den Otter, Monday 31 January 2011

We've released PivotX 2.2.3 as a maintenance release for PivotX 2.2. This update contains some updates to the libraries PivotX uses, some minor improvements, and a few bugfixes, including two potential XSS issues. This update is recommended for all PivotX users. The list of changes is as follows:

  • Bugfix: Removed two XSS vulnerabilities from the search form tag. They were introduced when the placeholder was made dynamic on search pages. 
  • Changed: Two small changes to the debug module: PivotX now removes the debug file if debug is disabled, and we make sure the file can't be read without being logged in.
  • Bugfix: Blocked a reflected cross-site scripting vulnerability.
  • Bugfix: before_parse hook in renderSearch() didn't pass the modifier to the extension.
  • Bugfix, mainly for Chrome: Make sure the 'humanmsg' notification dialogs go away after a few seconds.
  • Bugfix: Properly set the $modifier['uri'] when using search. 
  • Minor fix in rendering: Make sure that modifier['action'] is set properly for both example.org/weblogname and example.org/weblog/weblogname. 
  • Updated: jQuery UI was updated to version 1.8.9. This fixes some issues in Chrome. 
  • Updated: The Plupload library was updated to version 1.4.0.

Note: Some people missed the announcements earlier, but we've dropped support for PHP 4, starting with PivotX 2.2. This release will not work on PHP 4! If you're still stuck on PHP 4, you should really put some pressure on your hosting provider to upgrade your environment.

The release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer .tgz files). For setup instructions, see our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our SourceForge mirror.
