We are excited to announce the release of Concrete CMS 9.3.3 and 8.5.18! This update focuses on enhancing usability, performance, and security, providing a better experience for all users.
Announcing CMS 9.3.3 and 8.5.18 Release
Release Highlights
Features
In this version, we’ve introduced a convenient new feature: an Add Page button in mobile view, making it easier than ever to manage your site on the go. Installation speed has also been significantly improved, cutting setup times by more than half, ensuring you can get started quickly.
Behavioral Improvements
Several behavioral improvements have been made to streamline your experience. Exporting user search results from the Dashboard now works flawlessly, and dialogs and panels display properly on small screens when editing on mobile devices. For enhanced security, cookies are automatically set as secure for HTTPS requests, and during installation, the specific user responsible for writable directories is now displayed if checks fail.
The Express Form block now uses proper email validation, and the file chooser’s items-per-page setting is configurable. We’ve improved the suggested nginx rules for enabling pretty URLs, renamed the Concrete Monolog Cascade package, and provided clearer explanations in the version scheduling interface. Additionally, various internal refinements, such as better output sanitization in the Top Navigation Bar block and fixing indexes for text fields, contribute to a more seamless user experience.
Bug Fixes
This release addresses numerous bugs to enhance stability and performance. The mobile editing menu now functions correctly, and errors in the remote updater have been resolved. Verbiage in older featured theme and add-on Dashboard notification blocks has been updated, and issues with malformed packages in the directory have been fixed.
Custom topics in the page list block are now saved properly, and calendar events created by deleted users can be edited. We've corrected the "length" ORM annotation in the SearchResult Health entity and fixed errors when using the Switch Language block. Additionally, linking to the marketplace now works even without public and private marketplace keys.
Other fixes include resolving issues with the "Print" option in the Share this Page feature, removing duplicate IDs from sharing service icons to comply with W3C validation, and addressing errors caused by the third-party library zircote/swagger-php in Composer installations. We've also fixed lingering version block entries, user attribute saving errors under specific conditions, and foreign key constraint violations when deleting users associated with Board InstanceSlotRules.
Security Enhancements for Version 9.3.3 and 8.5.18
On the security front, we’ve tackled several vulnerabilities to prevent cross-site scripting (XSS) attacks in various CMS components. These fixes enhance security against rogue administrators and ensure a safer environment for all users. For those interested in the technical details, please visit our security release blog post.
Security Announcements
If you want to dive deeper into the technicalities and view the specific security fixes, including CVE IDs and the commits that resolved them, visit our security release blog post.
Release Notes
For more detailed information, please visit our 9.3.3 Release Notes
For more detailed information, please visit our 8.5.18 Release Notes
For more details on all the new features and improvements in version 9, visit our landing page.