Enano 1.0.6 released

The Enano team is pleased to announce the release of Enano CMS version 1.0.6, code-named Roane, for immediate availability. This release addresses an XSS (Cross-Site Scripting) vulnerability in the shared HTML sanitizer that could allow guests to inject arbitrary JavaScript code into comments and pages. The vulnerability only affects users of Microsoft's Internet Explorer browser. We want to extend our thanks to the folks at nukeit.org who reported this.

Release notes are available in the usual place. Those who wish to patch the vulnerability without upgrading to 1.0.6 may use this patch, which will also apply to all versions of Enano 1.1.x (also vulnerable).

This release is part of the Enano team's ongoing maintenance of the Banshee (1.0) stable branch. May we add a reminder that support for Banshee will be maintained until 1 year after the stable release of Caoineag (1.2.0), after which security updates will be made available for 1 year.

