Over two months of constant development and testing has paid off. The Enano CMS team is proud to present Enano 1.0 Release Candidate 2, which will become the gold release if no further bugs are found. This release features the following improvements:
- Support for the TinyMCE WYSIWYG editor has been added. To counter the potential impact of non-administrators being unable to use the edit properly, a powerful filtering XML parser is also included, which was designed from the ground up to filter out malicious HTML while leaving legitimate HTML untouched.
- The login system now features a Javascript-based login box. The classic login page is still included to allow users with older browsers to continue to browse normally.
- The AJAX-based comment code has been rewritten from scratch to allow better compatibility between browsers and designed for extreme bandwidth conservation.
- The search system now uses MySQL's Fulltext engine to perform most searches, speeding up the searching considerably.
- A scope system has been implemented into the Access Control List API. It is namespace-based and allows for access types to be extended to other namespaces if needed.
- The ACL system now organizes permissions based on who is affected more efficiently. This prioritization fixed some behavior issues that were observed in RC1, for example group permissions overriding user permissions.
- Many stability fixes have been implemented, and compatibility with Microsoft IIS has been improved. Enano has been confirmed to be fully functional on Windows(R) Server 2008, IIS 7, and PHP 5.2.2.
- Two minor SQL injection vulnerabilities have been patched. Both involved SELECT queries and it was determined that no damage could have been done to a site through these vulnerabilities.
- A privilege escalation hole involving the editing of pages was patched. The hole was only exploitable if the attacker had edit permissions for the page, wiki mode was enabled, and the page was protected.
Users who find bugs are encouraged to report them to the Enano bug tracker. When submitting a bug, please provide detailed instructions for reproducing the bug, and ensure that the bug is not listed in the KNOWN_BUGS file, included with the Enano distribution.
Special thanks to Neal Gompa, who provided virtualization services that helped tremendously with testing and QA.
Finally, a big thanks goes out to anyone who has tried Enano so far. Your feedback and thoughts are greatly appreciated!
