Package contents

• Basic CMF.
• Modules: Forums, Homepage, Installation and Upgrade, Page, Personal File Space, Private Messages, Polls, RSS, Users, View.
• Plugins: AJAX autocomplete, Banlist, BBcode, CKEditor, Cleaner, Comments, Contact, Forum statistics, Genoa compatibility, Hidden groups, Hit statistics, HTML Purifier, Contents Internationalization, IPSearch, markItUp!, MassMoveTopics, MathCaptcha, News, Start Ratings, Recent Items, Referers, Search, Statistics, Tags, Trashcan, URLEditor, User...

You have probably seen the recent news about database leaks at LinkedIn, Yahoo, etc. So you may be worried what happens to your users if your database is stolen somehow. The good news is that passwords are not stored as plain text but are hashed with MD5. The bad news is that MD5 is rather easy to bruteforce.

So, we made some major improvements to the way passwords are hashed in Cotonti and it is now using SHA256 with random salts by default, provides some hashing options and gives plugin...

What's new in Siena 0.9.11

• Major security update for password hashing and storage. Multiple hashing algorithms are supported, all new passwords are hashed with salt and sha256 instead of md5 by default. Existing passwords are kept in md5 but it is recommended to change them in future.
• New timezone handling including timezone names and daylight saving time (DST) support.
• Module subfolders in theme folders.
• Added default sorting order option for tag search results.
• Support for nested quotes...

What's new in 0.6.24

• Major security update for password storage method including multiple hashing algorithms support and hash salting.
• Added default results sorting order option in Tags plugin.
• Fixed SQL injection in Administration / Hits.
• Fixed logout from all devices.

Updating from 0.6.23

1. Replace these files with updated files: see this diff page.
2. Apply sql/patch-0.6.23-0.6.24.sql in phpMyAdmin.
3. Edit datas/config.php, add $cfg['site_id'] and $cfg['secret_key'] options as described...

An SQL injection vulnerability has been found recently in Administration part of Polls module by vekt0r, so we release 0.9.9 shortly as a security update for 0.9.x branch.

This update also includes significant changes in site security system and fixes for all recently discovered bugs.

Head to release notes page for more information.

What's new in Siena 0.9.9

• Fixed SQL injection vulnerability in Polls administration.

• Added security checks against cross-domain form submission.

• Shield is moved back to the core, now using sessions instead of who's online plugin.

• Several minor enhancements and a few bugfixes including PFS buttons in editors.

More changes can be found in this report.

See the list of new TPL tags here.

• An important security fix and improvements for the rc.php static resource compressor
  
• Authentication security and stability improvement backported from Siena
  
• Anti-XSS improvement backported from Siena
  
• ...

Plugin that adds additional security for administration panel. Without yubikey no one can access admin panel even when he have admin login and password. Plugin provides multifactor authentication with one-time passwords using the Yubikey USB token. The plugin uses the Yubico Web service API in the authentication process. Your PHP installation must have the Hash and Curl libs enabled, otherwise this plugin won’t work.

Installation:
1. Buy a Yubikey.
2. Create a Yubico ID & API Key.
3....

• Fixed SQL injection vulnerability in polls
  
• Added Tags in news plugin
  
• Fixed encoding in standalone PFS edit/editfolder
  
• Finally fixed HTML parsing in RSS
  
• Fixed {CATEGORY} in titles for pages
  
• Fixed forum posts pagination links
  
• Fixed a bug in tag search
  

Comments for Guests Plugin enables your website visitors to post comment without registration. This is generally very good since you can get quick response to your articles or blog posts, and people can comment without going through the registration routine and – possibly – compromising their email. Com4Guests CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) capability will let you effectively filter off spam bots.
Comments for Guests supports CAPTCHA...

This is reCAPTCHA integration plugin for Cotonti -- another member of the happy family of CAPTCHA plugins serving security of your websites.

reCAPTCHA v2 is currently supported.

Authors: esclkm, Andrey Matsovkin, Kalnov Alexey

Github: https://github.com/Cotonti-Extensions/recaptcha

Requirements

Version for Cotonti Siena:

Just download it here and install the plugin.

Version for Cotonti Genoa:

Download here.

This plugin is recommended for use with CAPTCHA Manager. However, it can be used as a...

SecurImage CAPTCHA Plugin is based on the SecurImage class by Drew Phillips

Cotonti Siena version can be downloaded here.

Requirements

If you use Cotonti Genoa, then this plugin is recommended for use with CAPTCHA Manager. However, it can be used as a single CAPTCHA solution for the website.

There is no such requirement for Cotonti Siena.

Demo

Visit Cotonti CAPTCHA Demopage to see SecurImage CAPTCHA plugin in action (CAPTCHA Manager is set to "Random CAPTCHA").

Installation

1. Unpack, upload and...

It's not a secret that most popular graphical CAPTCHAs are easily passed by modern smart spam bots. PHP-Captcha used in Seditio is not an exception from this rule, Seditio has not been attacked yet because there haven't been bots targeting it, but once there are bots targeting Seditio and its simple PHP-Captcha, it will surrender.

On the other hand many users complain that it's hard to put the letters displayed on image in correct case, so it makes registration process more difficult for...

Note: this plugin is deprecated since Cotonti Siena 0.9.8 because its functionality and API was acquired by the core. Do not install it if you use Cotonti 0.9.8 or later.

Features

• Combines and manages all captcha plugins supporting Cotonti Common CAPTCHA Interface
• Enchanses security via randomly displayed CAPTCHA's
• Provides solid API to use any CAPTCHA's in your code

Demo

Visit Cotonti CAPTCHA Demopage to see CAPTCHA Manager in action ("Random CAPTCHA" mode).

Installation

1. Unpack, upload and...