Project News

Announcing CMS 9.4.0RC2 and 8.5.20 Releases

Apr 4, 2025, 1:23 PM

April Town Hall 2025

Date and Time: April 8, 2025, at 9:30 a.m. PDT (find your local time here) Location: Live on YouTube

Security News

2025-04-03 Concrete CMS Security Advisory - Security fixes in 9.4.0 Release Candidates

Apr 4, 2025, 1:18 PM

Concrete CMS 9.4.0 Release Candidate 1 (RC1) which was released in March 2025 fixed Stored Cross-Site Scripting (XSS)

2025-01-20 Concrete Security Advisory - CVEs upgraded to “Medium”

Jan 21, 2025, 8:55 PM

You might notice that a number of Concrete CMS CVEs have higher CVSS 4.0 risk rankings assigned by the CNA (that’s us!) than the last time you looked at them.

New Concrete CMS CVEs Published in conjunction with releases 9.3.4 and 8.5.19

Sep 13, 2024, 1:10 PM

The following CVEs affecting both version 9 below 9.3.4 and all other concrete versions below 8.5.19 have been sent to MITRE to publish