“PivotX 2.3.9 maintenance update. Since this release fixes a security issue, it is a recommended upgrade for all PivotX 2.x websites.”

PivotX is free software to help you maintain dynamic sites such as weblogs, online journals and other frequently updated websites in general.
It’s written in PHP and uses MySQL or flat files as a database. PivotX is also a great tool for maintaining more complex websites.
Its powerful core and flexible template system make it easy for developers to adjust and extend. Whether you want an easy-to-use, robust blogging tool or are looking to push things to the max – PivotX offers the best of both worlds.
Changes Detail
Security issues
- A file upload vulnerability and various XSS issues on the admin pages. All of these issues require the attacker to have a PivotX account, which mitigates the risk, but sites with multiple users will want these patched.
Other bug fixes
- For flatfile databases:
- Adding excerpts to the output from getLatestPages so page excerpts are displayed on the dashboard.
- ‘read_entries’ should not change the current entry (since read_entries is used for other things than creating subweblogs).
- Bug fix in session cookie domain – any subdomain named “wwwX” (where X is any character) resulted in an invalid domain for the cookie.
- Set UTF-8 for debug window (and also give it a title).
