Cotonti combines the flexibility of a web framework with the rapid deployability and featureset of a content management system. Despite having features such as user accounts, content creation, file management and community tools out of the box, it can be easily extended using modules or plugins. Cotonti is powered by its own template engine which is both fast and easy to learn, even if you are not an experienced programmer.
Read more about Cotonti's Benefits...
We have released 2 new packages to keep both your Siena and Genoa sites running smoothly.
Changes in Siena 0.9.12:
Changes in Genoa 0.6.25:
You have probably seen the recent news about database leaks at LinkedIn, Yahoo, etc. So you may be worried what happens to your users if your database is stolen somehow. The good news is that passwords are not stored as plain text but are hashed with MD5. The bad news is that MD5 is rather easy to bruteforce.
So, we made some major improvements to the way passwords are hashed in Cotonti and it is now using SHA256 with random salts by default, provides some hashing options and gives plugin developers an opportunity to implement their own hashing methods. An update is recommended to both Siena and Genoa users. After upgrade, existing user passwords will still be hashed with MD5, but as soon as they change their passwords, new hashing functions will be applied.
The Genoa update 0.6.24 includes one more security patch, so it is highly recommended to update if you let strangers enter your Administration panel.
The Siena update 0.9.11 includes lots of bug fixes and enhancements including Daylight Saving Time support. See release notes for more information.
We are glad to announce you Cotonti Siena 0.9.10 which may be considered as a "beta" because now we are just a few tasks away from 1.0. Here is the list of changes in this release:
For more information see release notes.
This month we're starting several important social activities here at cotonti.com, so follow the news feed.
On May 26th, 2011, the European Union accepted a new legislative directive regarding the use of web cookies. Also known as the Cookie Law, it applies to how you use cookies and similar technologies for storing information on a user’s equipment such as their computer or mobile device. It means that you have to get your visitors informed consent before placing a cookie on their machine. The law officially came into effect on May 26th, 2012, but since each EU member state has to implement its own version of the law, enforcement of the law may be delayed.
The law applies to cookies set by websites owned by organizations or individuals operating/living in the European Union. The law allows an exception for cookies which are "strictly necessary for a service requested by a user", such as those used to remember when something has been added to a shopping basket or allowing users to login. These cookies would be implicitly expected by the user. However, the law always applies to cookies which store personal information (such as names and email addresses).
The Cotonti CMS uses only one cookie. This cookie is used to store the user ID and session identifier after a user logs in. No personal information is involved. Also, the cookie is opt-in, meaning it's only stored if the user enables the 'remember me' checkbox on the login form. However, Cotonti does allow to force the 'remember me' option through the admin panel, which would hide the 'remember me' checkbox and enable it in the background. Since this behavior is not implicitly expected by a user, nor is the cookie a requirement for Cotonti to operate, forcing the 'remember me' option would probably not be allowed under the new law.
We recommend to do the following:
Important note
Since each EU member state has to implement its own version of the law (the EU version is just a directive), details of the law may be different between countries. For example, the Dutch version also includes legislation on net neutrality. You should therefore inform yourself of the exact details of the law in your own country. The Cotonti Team and the author of this article accept no liability for any inaccuracies in the article. It's your own responsibility to ensure your site complies with local and international laws.
An SQL injection vulnerability has been found recently in Administration part of Polls module by vekt0r, so we release 0.9.9 shortly as a security update for 0.9.x branch.
This update also includes significant changes in site security system and fixes for all recently discovered bugs.
Head to release notes page for more information.