The second release candidate for ImpressCMS 1.3.11 is now available. This release candidate fixes some vulnerabilities in the installation routines and adds several translations directly in the core.
The release can be downloaded from our Github page
Omar Kurt at Netsparker notified us of potential XSS vulnerabilities in the installation routines. These have been fixed now.
Due to the location of the vulnerability in the installer, we consider the risk of these issues to be minor, because the installer should not be present on a site in production (it should be automatically removed at the end of the installation). Also, during installation there is no data present yet on the site. This doesn't mean we didn't need to fix the issue, and that has been done now.
ImpressCMS prides itself on making it very easy to setup and support a site in a different language then english. To show that even more, we are starting to include several more languages right into the installation routine so they are directly available.
We could use help in improving our language coverage, head over to our Transifex project to participate and make ImpressCMS available in your language as well!
Goal is to release the final version this Thursday, 6 december 2018.