Plugins, Addons and Templates from 3-magi.net
Posted: Mon Jun 30, 2014 12:00 pm
Hello Community,
[A German translation is available.]
I have to confirm the security warning of Gert Ebersbach regarding Plugins, Addons and Templates from 3-magi.net, that some of my latest plugins (beta versions) allow to access the plugin adminstration without authentication, when used in CMSimple (all versions) and CMSimple_XH < 1.5.4.
Of course, I will make updates available as soon as possible, which will fix this issue. I've hade emailed Gert asking for details on how to best deal with the issue, but he didn't answer to me directly. Obviously, he does not want that I write plugins for CMSimple. So all my future releases will work solely in CMSimple_XH. Even if all my existing plugins explicitely state that they require CMSimple_XH (and the minimum version), I will do my best to check for unsupported versions and variants of CMSimple, and let the plugin act appropriately.
I recommend to immediately uninstall my plugins from systems which do not fulfill the plugin requirements as stated in the manual (aka. help files). There will be neither bugfix releases nor security patches from me, which allow you to run the plugins under unsupported systems.
Another option is to upgrade to a supported version of CMSimple_XH.
Sorry for the inconvenience,
Christoph
http://3-magi.net/
[A German translation is available.]
I have to confirm the security warning of Gert Ebersbach regarding Plugins, Addons and Templates from 3-magi.net, that some of my latest plugins (beta versions) allow to access the plugin adminstration without authentication, when used in CMSimple (all versions) and CMSimple_XH < 1.5.4.
Of course, I will make updates available as soon as possible, which will fix this issue. I've hade emailed Gert asking for details on how to best deal with the issue, but he didn't answer to me directly. Obviously, he does not want that I write plugins for CMSimple. So all my future releases will work solely in CMSimple_XH. Even if all my existing plugins explicitely state that they require CMSimple_XH (and the minimum version), I will do my best to check for unsupported versions and variants of CMSimple, and let the plugin act appropriately.
I recommend to immediately uninstall my plugins from systems which do not fulfill the plugin requirements as stated in the manual (aka. help files). There will be neither bugfix releases nor security patches from me, which allow you to run the plugins under unsupported systems.
Another option is to upgrade to a supported version of CMSimple_XH.
Sorry for the inconvenience,
Christoph
http://3-magi.net/