v1.0.472 Released on March 12, 2021

View on GitHub

NOTE: As of v1.0.472, the core maintainer team has left October CMS and forked the project into Winter CMS.

UX / UI Improvements

  • Fix support for browser-based validation of checkboxes and radio options

API Changes:

  • Added registerOwnerAlias($owner, $alias) to the NavigationManager to add aliases for given owners of registered menu items.
  • Added registerPermissionOwnerAlias($owner, $alias) to the AuthManager to add aliases for given owners of registered permissions.
  • Added registerOwnerAlias($owner, $alias) to the SettingsManager to add aliases for given owners of registered setting items.

Security Improvements

  • Tightened up the Twig SecurityPolicy. Calling insert(), update(), delete() methods on all PHP objects are now blocked from within Twig, data modifications should not be done at the view layer. If absolutely necessary, consider firing a view event instead. Backported from v1.1.2.
  • Added a new config value (app.trustedHosts) to protect against host header poisoning. The following values can be used: true will allow only the naked and www versions of app.url as trusted hosts, the default of false will disable the feature (except on the backend password reset flow), and finally an array of trusted host patterns.
  • Session identifiers are now invalidated on logging out instead of just flushed.

Keep informed

Sign up to our newsletter to receive updates on Winter CMS releases, new features in the works, and much more.
We'll never spam or give this address away.

Latest blog post

October CMS as you know it is Dead

Published April 12, 2021
We regret to inform you that October CMS as you have known it for the past 7 years is no more. The founders have decided to make it a paid proprietary product; unfortunately abandoning the open source community in the process as "source partially available" is not open source. The core maintainers of the project have forked, and will continue development as Winter CMS....

View this post Read all posts

Latest Winter CMS release

v1.1.3

Released April 26, 2021
3 UX/UI Improvements, 19 API Changes, 23 Bug Fixes, 3 Security Improvements, 4 Translation Improvements, 1 Community Improvement, 2 Dependencies

View details View all releases