ImpressCMS 1.4.1 security and maintenance release

ImpressCMS 1.4.1 is now available!

This security and maintenance release fixes 6 issues, and resolves 2 potential security issues.

Security vulnerabilities

ImpressCMS 1.4.0 was affected by the following security issues, which are now solved in version 1.4.1

  • Github user Applebois notified us of a XSS issue when you are editing an adsense in the admin interface.
  • The jQuery version was bumped to v3.5.1 because version 3.4 and older contained some vulnerabilities.
  • Hackerone user techanonymous notified us of an XSS issues when editing a custom tag in the admin interface.

A big thanks to them for making ImpressCMS more secure in this version by privately disclosing the vulnerability to us. That has given us the time to prevent issues with existing sites and work on a fix.

 

The full list of changes in this release is available on our release page on Github.

 

This new release is available for download here

 

 

The comments are owned by the poster. We aren't responsible for their content.