Closed CVE with this release (or earlier 2.6.x releases):

New Features

Bug Fixes

  • fd4c0d3d96 Update Session class to PHP 7 specification
  • b0f9adfc0b Made generateNonce() return value url safe
  • 057526a49d Prevent errors if EXTENSIONS is unreadable
  • 7ea69d0e1a mt_srand function argument must be an integer
  • ccbe6936c5 Prevent cookie issues when running behind a proxy #2590
  • e7b4b56ad7 Allow install in folders with special chars
  • 5f2ecade0e Make sure user can delete the author #2572
  • 27ea8968d0 Fix cookie safe url creation
  • 09b4c04e8b Remove trailing slash from safe cookie path
  • 3d1748d1b5 Fixing potential XSS
  • f1d7b05a95 Sanitize error message
  • 53f3ebfadd Output password and email even when auth == 0
  • 02687ee307 Fix SQL problem with AND (+) operation
  • 26067868ea Suppress warning when chmod does not work
  • ee5a4aef98 Return true in the error handler
  • 6809b28cbd Make sure configuration is traversable
  • 9bcb03048d Constructor with 1 parameter always = 'No error'
  • a7a05368b7 Fix Association Drawer: problem when parent_section_field_id is null #2620
  • b8c5014783 Refactor on DataSource::determineFilterType()'s
  • e4b8e5aca4 Correct check for undefined variable #2623
  • 5bde94fcd6 Fix for MySQL ANSI compliance issue with order by
  • 4f8332b9be Fix for MySQL 5.7 Strict mode
  • b5ce52e578 Prevent script and link injection on login page
  • 2e31e6437c Fix $_fetchSortField documentation
  • f742a3b171 Fix remote code execution by auth'd users
  • b3a82da48b Make sure we call stripslashes on read
  • 9f26a2e7dc Call stripslashes on index pages as well
  • 2b774b4574 Fix unselectable element after a reorder
  • 6201a2dd85 Fix broken filter suggestions in DS Editor
  • 0a78172b98 Make sure Authors emails are always validated
  • 2451c24112 Fix wrong entries-per-page when result is empty
  • 0ddd49d402 Prevent XSS with section's name and nav group
  • 257aab2deb Prevent acting on non existing tables #2664
  • 0d86029304 Remove the attempt at fixing duplication of data
  • b43397b41d Better fix for MySQL 5.7 Strict mode
  • a5074dc2c5 EntryManager hotfix, field is not an instance of Field, it's an array of field data. RE: #2678
  • 86240d361e Refactor General::limitWords so it actually makes sense...
  • 31a4bf37c1 Sanitize section's name and nav group
  • 5d6cc03ffc Fix not-regexp which leads to wrong results #2695
  • dd5ae51b07 Properly sanitize the section's name
  • 64d1dd614d Fix the wrong count of associated entries #2697
  • fe762bd15a Make sure we always have a date and time format #2705
  • 8bce5797f0 Fix broken AND ( + ) filtering #2694
  • 70f2a21988 Fix js error when no visible items exist
  • a86bef00c9 Add default values for date columns
  • d6c7303af3 Sanitize events and datasources' sources

Minor Updates

Server Requirements

  • PHP 5.3-5.6 or 7.0-7.3
  • PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
  • MySQL 5.5 or above
  • An Apache or Litespeed webserver
  • Apache's mod_rewrite module or equivalent

Compatible Hosts
