Textpattern CMS 4.0.5 released

Textpattern CMS 4.0.5 is immediately available from the download page. Read on for full details…

We have fixed one security issue (XSS) on the public-side with comment-previews, which means that updates are strongly recommended. The relevance and potential attack vectors are described on wikipedia [type 1]. Since the authentification cookie is restricted to the admin-directory and not accessible from the front-end, in most cases this means “only” the info from the comment-data-cookie might be leaked. Users that run textpattern together with other software or third party plugins that set cookies might be at risk of having other data leaked, when a user can be tricked into following certain links.

Updates should be seamless for the vast majority of people, otherwise make sure that all plugins are also updated to their most recent version. There’s also a very minor, low-impact issue for 4.0.5rc1-testers, but I’ll write more about that in the next few days, but nothing that has any impact on updating to 4.0.5 final right away.

Download

File download

Zip format.
File size: 323 kB | Last modified:
File download

Gzip format.
File size: 281 kB | Last modified:

Changes since 4.0.4

  • Fixed security issue on public-side (XSS) (thanks zarathu)
  • Fixed path disclosure issue (thanks zarathu)
  • Search for posted and last modifed dates in article list
  • New tag: <txp:hide /> as a container for comments and other internal content
  • Changed tags: <txp:comments />, <txp:category_list />, <txp:section_list /> and <txp:image_index /> support sort attribute
  • Distribute jQuery 1.1.2 as a default JavaScript library
  • Keep image properties on replacement
  • Added ‘delete thumbnail’ function
  • Support for back end branding: customizable logo and color bar
  • Table sort indicators
  • Textile improvements
  • Fix non-UTF-8 mails (iso 8859-1)
  • Better wrapping in admin-interface to prevent horizontal scrollbar
  • Added comment status to comment notification mails
  • Fixed infinite pagination in rare edge cases
  • Worked around apache bug for file downloads (in connection with mod_deflate)
  • Fixed error messages on wrong logins for older mysql versions
  • Fixed comment spam blacklist false positives
  • Fixed file_download tag from showing the same URL for different downloads
  • Fixed disappearing comment preferences in certain circumstances
  • Fixed active class in section_list, category_list
  • Better cooperation with some proxies (and other HTTP/1.0 clients)
  • Smarter comment submit button emphasises preview step
  • Optionally hide spam comments in back end list
  • Truncate longish article category titles in the write screen
  • Handle thumbnailing of larger images
  • Better MoveableType import
  • Fixed some more IIS issues
  • New callback event: textpattern_end
  • New callback event: ping
  • New tag: <txp:article_url_title />
  • Changed tag: <txp:permlink /> loses default title attribute
  • Changed tag: <txp:file_download_link /> returns filename as an additional URL part
  • Many, many minor improvements

Further reading

Forum thread for the announcement.

Comments

  1. Tanks lot for your efforts Mary, Ruud, Wet and Sencer.

  2. And not forgetting Zem. Thanks guys, you’ve changed the way I think about publishing on the web! After having tried many other content management systems I can safely say Textpattern is my absolute favourite to develop in.

    A big thank you everyone who contributed.

  3. That’s a lot for a small point release. Thanks team!

  4. Excellent … thank you for the continued dedication and to making possible the ability for so many to publish online in such an elegant way!

  5. Excellent…TXP are keep getting better and better. It’s my choice for web development. Thanks for great team.

  6. Congratulations, Textpattern team! We needed this one. ;)

  7. Nice job folks, as always.

  8. And somebody said there’s no development?! Crap! Thanks for the great job for everybody who contributed to this release, and thus made our lives easier!!!

  9. upgraded seamlessly. thanks.

  10. Download and Used it. ;)

  11. Excellent, great job, thanks!

  12. Well done!

  13. Finally an upgrade. Many thanks!

  14. woohoo! thanks! congrats!

  15. Like everybody already said: thank you very much! I admire your work, and hope you continue improving it!

  16. Thanks people!

    <3 TXP

  17. Congrats! I love textpattern

  18. Many thanks to the developers, and of course thanks to Dean for starting it all.
    Looking forward to upgrading my live sites and a few in the works.

  19. thanks so much :D

  20. Great job, keeop it going that way, using it for almost a year…

  21. Thank you very much for your efforts. A great new release.

  22. Thanks very much for all the work you put into this. I use TXP on a daily basis and it continues to be a pleasure!

  23. Excellent! Thanks very much :-)

  24. Thanks a lot for your effort!

  25. Thank you for the amazing piece of work!

  26. Thanks for cms ;)

  27. A big thank you to everyone who works on this lovely publishing system!

  28. Congratulations to TXP team, I just love TXP its pure simple awesomeness…

  29. Thanks for this nice upgrade.

  30. You guys rock!! Thanks so much for all your efforts.

  31. All right, thank you for the new release

  32. I love TXP. Anything I need to do I am able to perform in such a short amount of time it is just crazy! Keep up the good work!

  33. Thank you to the developers.Looking forward to upgrading my live sites in a few days.

  34. TXP is the best blog/CMS system ever!

  35. There hasn’t been an update in over 6 months.

    This TextPattern alive?

    I hope so

  36. Keep it up, thank you!!

  37. Thanks from Russia!

Commenting has expired for this article.