concrete5 8.4.5, 8.5.0RC2 and have just been released! Please read on for more details.


Version 8.4.5 is a maintenance release that fixes a vulnerability in concrete5's My Account messaging service. If your site uses this functionality an upgrade is highly recommended. You can read more about this vulnerability here: Messaging System Vulnerability

This vulnerability was present in 8.5.0RC1 and present in 8.5.0RC2 and also contain fixes for this issue.


concrete5 version 8.5 gets closer and closer! Release Candidate 2 contains a number of minor bug fixes and behavioral improvements over the first release candidate. You can read about everything coming in 8.5.0 here.

concrete5 is our first release for the 5.6 codebase in two years, and contains a number of improvements, including PHP 7 support, removal of Flash requirements for the avatar picker, the aforementioned bug fix and more. Read more about what's new in It may be our last 5.6 release ever; if that's the case, it's a good one to go out on. Thanks so much to Remo and everyone else in GitHub for continuing development on the concrete5 legacy code base.