0.9.12 and 0.6.25 2012-12-03

We have released 2 new packages to keep both your Siena and Genoa sites running smoothly.

Changes in Siena 0.9.12:

• Page manipulation API for extension developers.
• SEO: title and meta description for pages now editable out of the box.
• Forums: markers for topics where a user has posted (#978), timeout for post editing (#1025).
• Added support for parsing and translation of name and notes of extensions. See #991.
• Added support for non-alphanumeric characters in passwords.
• CKEditor 3.6.5, markItUp! 1.1.13 and updated Star Ratings plugin
• Extended SQL devmode with backtrace.
• Lots of small enhancements.
• 38 bug fixes including some rather important ones.

Changes in Genoa 0.6.25:

• Fixed changing passwords in profile.
• Added experimental support for IPv6.

Balangrijke beveiligingsupdates voor Siena 0.9.11 en Genoa 0.6.24 2012-08-01

Je hebt waarschijnlijk het laatste nieuws gezien over de database lekken van LinkedIn, Yahoo, etc. Je ben misschien bezorgd wat er met jouw database gebeurd als iemand deze steelt. Het goede nieuws is dat paswoorden niet als platte tekst bewaard worden maar gehashed met MD5. Het slechte nieuws is dat MD5 gemakkelijk gekraakt kan worden met brute kracht.

Daarom hebben we belangrijke verbeteringen aangebracht aan de manier hoe paswoorden worden gehashed in Cotonti en nu gebruikt het SHA256 met willekeurige salt als default, het heeft enkele hashing opties en geeft pluginontwikkelaars een mogelijkheid om hun eigen hashing methodes te implementeren. Een update is aanbevolen voor Siena en Genoa gebruikers. Na de update, bestaande gebruikerspaswoorden zullen nog altijd gehashed worden met MD5, maar op het moment dat zij hun paswoord veranderen, zal de nieuwe hash-functie toegepast worden.

De Genoa update 0.6.24 bevat een extra beveiligingupdate, daarom is het erg aanbevolen de update te installeren als je vreemdelingen toelaat in je Administratie paneel.

De Siena update 0.9.11 bevat veel bug fixes en verbeteringen en bevat Daylight Saving Time support. Zie de release nota's voor meer informatie.

Siena 0.9.10 released 2012-06-01

We are glad to announce you Cotonti Siena 0.9.10 which may be considered as a "beta" because now we are just a few tasks away from 1.0. Here is the list of changes in this release:

• Simple XML sitemap plugin and Autoalias in the standard package.
• Cache options in news and recentitems plugins for index page to load faster for guests.
• Ability to delete a page by clicking a link rather than submitting a form.
• Custom themes support and fixes in JS/CSS consolidator.
• "Installed only" view in Administration / Extensions.
• Custom breadcrumbs resources for themes, resources and lang files in admin themes.
• Fixed more than 18 bugs.

For more information see release notes.

This month we're starting several important social activities here at cotonti.com, so follow the news feed.

Cotonti and the EU e-Privacy Directive 2012-05-28

On May 26th, 2011, the European Union accepted a new legislative directive regarding the use of web cookies. Also known as the Cookie Law, it applies to how you use cookies and similar technologies for storing information on a user’s equipment such as their computer or mobile device. It means that you have to get your visitors informed consent before placing a cookie on their machine. The law officially came into effect on May 26th, 2012, but since each EU member state has to implement its own version of the law, enforcement of the law may be delayed.

The law applies to cookies set by websites owned by organizations or individuals operating/living in the European Union. The law allows an exception for cookies which are "strictly necessary for a service requested by a user", such as those used to remember when something has been added to a shopping basket or allowing users to login. These cookies would be implicitly expected by the user. However, the law always applies to cookies which store personal information (such as names and email addresses).

The Cotonti CMS uses only one cookie. This cookie is used to store the user ID and session identifier after a user logs in. No personal information is involved. Also, the cookie is opt-in, meaning it's only stored if the user enables the 'remember me' checkbox on the login form. However, Cotonti does allow to force the 'remember me' option through the admin panel, which would hide the 'remember me' checkbox and enable it in the background. Since this behavior is not implicitly expected by a user, nor is the cookie a requirement for Cotonti to operate, forcing the 'remember me' option would probably not be allowed under the new law.

We recommend to do the following:

• Disable the 'Force remember me' setting in Admin => Config => Users.
• Make sure the 'Remember me' checkbox appears in the login form, otherwise check your template files.
• Add a short text below the login form, or in the general conditions / privacy policy of your site, explaining the 'Remember me' feature will store a cookie on the visitor's computer containing anonymous session data.

Important note

Since each EU member state has to implement its own version of the law (the EU version is just a directive), details of the law may be different between countries. For example, the Dutch version also includes legislation on net neutrality. You should therefore inform yourself of the exact details of the law in your own country. The Cotonti Team and the author of this article accept no liability for any inaccuracies in the article. It's your own responsibility to ensure your site complies with local and international laws.

Beveiligings update Siena 0.9.9 2012-04-15

Een SQL injectie kwetsbaarheid is recent door vekt0r gevonden in het adminstratie gedeelte van de Polls module. We hebben spoedig 0.9.9 uitgebracht als een beveiligings update voor de 0.9.x branch.

Deze update bevat ook belangrijke veranderingen voor het site beveiligings systeem en voor recent gevonden bugs.

Bekijk de release notities pagina voor meer informatie.