Announcing CMS 9.3.4 and 8.5.19 releases!

Sep 13, 2024
by jessicadunbar

We are excited to announce the release of CMS 9.3.4 and 8.5.19! These updates bring significant improvements to security, functionality, and overall user experience, making it easier to manage and secure your website. Here's a breakdown of the key changes:

9.3.4 New Features

  • Search by Cache Settings: In the Advanced Page Search, you can now search for pages based on their cache settings. This helps you quickly find and optimize pages for better performance.

9.3.4 Behavioral Improvements

  • Discord Added to Social Links: You can now easily link your site to Discord by adding it to your Social Links, helping to expand your community connections.
  • Required Redirect URL for API Integrations: When adding a new API integration, it is now mandatory to include a redirect URL. This ensures proper configuration and improves security for API communications.
  • Canonical URL Validation: CMS now validates the canonical URL when saving a page to ensure it's correctly formatted. This helps improve SEO and prevents potential URL issues.

9.3.4 Bug Fixes

  • Stack Dashboard Fixes: Fixed errors in the "Add Block" dialog on the Stacks Dashboard when running in strict mode. This ensures smoother block management on your site.
  • User Group Restrictions: You can no longer assign "Guest" or "Registered Users" groups to other users, which was never intended. This improves user role management and security.
  • Canonical URL Path Fix for Subdirectories: Resolved an issue where the canonical URL would sometimes fail to include the correct path if your CMS is installed in a subdirectory.
  • ExpressList Topic Filter: When selecting a topic to filter an ExpressList, the previously selected topic no longer remains selected. This ensures accurate filtering and content management.
  • CLI Command Improvements: The c5:package:install CLI command now correctly passes install options, allowing for smoother package installation.

9.3.4 Developer Updates

  • Top Navigation Bar Compatibility: The Top Navigation Bar now works better on themes that are not based on the Bedrock framework, ensuring more consistent styling across custom themes.
  • Deprecated Code Removal: Removed several instances of deprecated Core::make() code from the core, optimizing performance and reducing outdated dependencies.
  • Improved Package Command: The c5:package:pack command has been enhanced to allow a more flexible output path without requiring a ZIP file name, making it easier for developers to manage packages.

Read the 9.3.4 Release Notes

Read the 8.5.19 Release Notes

9.3.4 and 8.5.19 Security Fixes

Security is a top priority, and this release addresses several critical vulnerabilities in both CMS 9.3.4 and 8.5.19 to keep your site safe from potential attacks:

  • Stored XSS in Image Editor: Fixed a vulnerability in the background color of the image editor that allowed malicious scripts to be injected. This issue primarily affected admin users but is now resolved.
  • Calendar Event XSS: A vulnerability in the calendar event feature, where unsanitized event names could be used to inject scripts, has been fixed. This issue impacted users or groups with permission to create or modify calendar events.
  • Top Navigation Bar XSS: Resolved an XSS vulnerability in the "Top Navigation Bar" block where a rogue admin could insert harmful code. This only affects version 9 sites.
  • Next & Previous Navigation Block XSS: A similar XSS vulnerability in the "Next & Previous Nav" block has been addressed. Prior to this fix, a rogue admin could inject malicious scripts that would run when users visited the page.
  • File Manager XSS: Fixed an issue where administrators could insert malicious code into the File Manager’s search filter, preventing code injection through search filters.
  • Custom Class Field XSS: A vulnerability in the custom class field on pages has been fixed. The system now ensures only alphanumeric characters are allowed in CSS class names, preventing the injection of harmful code.

For more information on these security fixes, visit our Security Release Blog.

Upgrade Today

By upgrading to CMS 9.3.4 or 8.5.19, you ensure that your website benefits from the latest performance, security, and feature enhancements. These updates are critical for keeping your site secure and running smoothly.

For more details on the new features in version 9, visit our Version 9 Landing Page.