today CMSimple 4.4 has been released with the following information:
Obviously the new version has removed all HTML tags from the language files. While I am aware that mod_security can be configured to block any posts that contain HTML tags (to prevent XSS attacks; what IMHO should be left to the application), I wonder if that wouldn't block any posting of pages as well (in which case these features would have to be disabled to be able to work with CMSimple, or most other CMSes also).The reason are special configurations of ModSecurity, which interprets html tags as a "dangerous code attack" in some cases, and makes saving of the language files impossible. After that it is possible, that the IP adress of the administrator is added to a blacklist, and also ftp access is blocked for some hours.
Does anybody have further information regarding this issue? Do we have to make any adjustments to CMSimple_XH as well?
Christoph