Cotonti is a powerful open-source web development framework and content manager with a focus on security, speed and flexibility.
Why choose Cotonti?
Cotonti combines the flexibility of a web framework with the rapid deployability and featureset of a content management system. Despite having features such as user accounts, content creation, file management and community tools out of the box, it can be easily extended using modules or plugins. Cotonti is powered by its own template engine which is both fast and easy to learn, even if you are not an experienced programmer.
Read more about Cotonti's Benefits...
Hi-Tech Bridge Security Research Lab has recently discovered an SQL injection vulnerability in Cotonti's RSS module. This release contains the fix for that bug among many other changes.
In Cotonti Siena 0.9.14 more than 44 issues have been resolved. Besides the bugs fixed, most of them are related to Administration panel and SEO. See release notes for more details.
For RSS module users this update is a must, for the others it is just highly recommended.
Hello dear Community.
It's time to update your Cotonti instances to the latest and greatest 0.9.13 after several months since 0.9.12.1. Here is what we've got for you:
See release notes for more information.
This release is dedicated to Leslie "Kingsley" Gonggryp, a well known member of LDU, Seditio and then Cotonti community who has recently passed away at the age of 35. You can join our condolences if you knew this guy. Let's continue the good work that he would appreciate.
Rest in peace, Kingsley.
A critical bug was found in 0.9.12 package, so we're replacing it with 0.9.12.1 which contains a few other fixes, see this report.
Users who have already upgraded to 0.9.12, please download the new version and replace updated files.
We are sorry about that. Please help us to improve Cotonti by submitting your bug reports to our issues page.
We have released 2 new packages to keep both your Siena and Genoa sites running smoothly.
Changes in Siena 0.9.12:
Page manipulation API for extension developers.
SEO: title and meta description for pages now editable out of the box.
Forums: markers for topics where a user has posted (#978), timeout for post editing (#1025).
Added support for parsing and translation of name and notes of extensions. See #991.
Added support for non-alphanumeric characters in passwords.
CKEditor 3.6.5, markItUp! 1.1.13 and updated Star Ratings plugin
Extended SQL devmode with backtrace.
Lots of small enhancements.
38 bug fixes including some rather important ones.
Changes in Genoa 0.6.25:
Fixed changing passwords in profile.
Added experimental support for IPv6.
You have probably seen the recent news about database leaks at LinkedIn, Yahoo, etc. So you may be worried what happens to your users if your database is stolen somehow. The good news is that passwords are not stored as plain text but are hashed with MD5. The bad news is that MD5 is rather easy to bruteforce.
So, we made some major improvements to the way passwords are hashed in Cotonti and it is now using SHA256 with random salts by default, provides some hashing options and gives plugin developers an opportunity to implement their own hashing methods. An update is recommended to both Siena and Genoa users. After upgrade, existing user passwords will still be hashed with MD5, but as soon as they change their passwords, new hashing functions will be applied.
The Genoa update 0.6.24 includes one more security patch, so it is highly recommended to update if you let strangers enter your Administration panel.
The Siena update 0.9.11 includes lots of bug fixes and enhancements including Daylight Saving Time support. See release notes for more information.