A vulnerability in concrete5 which permitted authenticated users to view the contents of arbitrary messages was reported on February 11, 2019. No information identifying individuals was exposed. A fix was added to the concrete5 repository on Monday, February 15, 2019 and mitigated on the concrete5.org website on Wednesday, February 20, 2019.
All concrete5 sites should update to versions 8.4.5 or 126.96.36.199. The concrete5.org website has been upgraded and messages are no longer vulnerable, and no evidence was found that suggests this vulnerability was exploited on the website.
Interested in working directly with the core team of a successful open source project? We'd love to hear from you.
Here's just a few ideas we quickly put together that might work for a summer project, but we'd be happy to review yours as well:
- Implement new UX changes to our file manager.
- Build an example database application using Express and create documentation for it.
- Rebuild our old showcase area as a more modern stand-alone site.
- Build a website for your favorite charity using concrete5.
- Help turn the Conversations block into a fully featured forum.
- Flesh out all the routes in our REST API
- Smoother, more powerful and user-friendly migration tool from 5.6 -> v7+
- Implement an asset pipeline system, as per https://github.com/concrete5/c
- Check out Github to see what we're working on and pitch your own idea!
Join us for another online town hall meeting on Tuesday (2019/02/05, 5 February 2019) at 9:30am Pacific
It's here! concrete5 v8.4.4 has arrived: http://concrete5.org/download
This version is a pretty light update, but there are some worthwhile security updates and a couple nice enhancements including:
Our monthly first tuesday meeting got into a scheduling limbo with the new year.
We're still planning on being online at 9:30AM Pacific in Google Hangouts:
Join us for the first concrete5 townhall meeting of 2019 on Tuesday, January 8th (8 January) at 9:30 a.m. PST.
We will be ringing in the new year on our normally scheduled meeting date, so the first Tuesday of each month, so let's meet one week later.
Just a quick reminder that we're doing another get together online next Tuesday the 4th at 9:30am Pacific
We had a great time reconnecting and chatting about concrete5 at the Town Hall last Tuesday. Here's some of the big take aways:
We believe that follow up is important. Cascadia PHP/concrete5con was an awesome way to connect with the community back in September, but it’s November now and we’ve mostly had our head down working on projects.