Campsite 3.4.1 Security Update Released

2 mins

A potential XSS vulnerability has been fixed with the latest Campsite release, which also improves session handling to avoid logged user session grabbing via CSRF attack. The vulnerability was discovered by High-Tech Bridge SA, Ethical Hacking & Penetration Testing.

The developers have also taken this opportunity to improve the universal list function that allows the user to choose how to list articles in the admin interface and search those articles as well as further update the UI redesign. The next Campsite update is due at the end of August.

Improvements:

CSRF (Cross-site request forgery) protection implemented
Multiple general UI changes and fixes
Number of parameters in the articles search list reduced
Improved session handling to avoid logged user session grabbing via CSRF attack

Bugs Fixed:

On backup data restore the file system_preferences.php is now deleted
The restore script no longer crashes if the files/images directory didn't exist in the package
Layout errors in the universal list solved
Campsite installer no longer crashes on Windows
Missing default admin permission sorted
Feedback function working correctly
Universal list now working if topic has ” in title.
Plugin installation difficulties solved
UTF strings show up properly in email notifications
User input is correctly filtered out
Field values now change correctly in the universal list
Pagination and sorting now working properly in staff-user-admin of campsite
Localizer now supports languages with different country code (e.g. zh_CN – simplified , zh_TW – traditional)

For more information and free download, please visit http://campsite.sourcefabric.org

Information

Campsite is a free, open source, multilingual content management system (CMS) for news websites, released in late 2000.

Campsite runs on Linux, Windows and Mac OS servers, with access from any web browser.

Campsite features automated publishing, editor review, multimedia support, subscription management & full template support.