PivotX 2.3.10 released

By Bob den OtterMonday 25 August 2014

We've released a new maintenance update for PivotX. This release fixes a minor security-issue, so it is a recommended upgrade for all PivotX 2.x websites. For former security related issues and patches, see the page dedicated to Security issues.

These are the changes since PivotX 2.3.9:

  • Properly escape user-controlled variables in the file explorer. (XSS)
  • Moblog fixes - debugging and handling of mails with images from the default iphone mail app.
  • Updated TinyMCE to 3.5.11
  • Strip HTML tags the the request variable "px_message". Thx, Waledac Oxana!
  • Wrong domain for session cookie if the web server is running on a non-standard port.

The PivotX 2.3.10 release can be downloaded from this location: pivotx.net/files/pivotx_latest.zip (or pivotx.net/files/pivotx_latest.tgz, if you prefer.tgz files). For setup instructions, we point you to our documentation: Getting the files & installing. If you're having trouble downloading the files, you can also download them from our sourceforge mirror.

PivotX docs

For support questions please visit the PivotX forum or search the PivotX book: