The Nucleus CMS core development team has finished a new release. Nucleus CMS version 3.40 has a long list of changes with Security Improvements, Feature Enhancements and Bug Fixes.
Some highlights of the new version are: a new member option makes it possible to decide if the autsave function is used, numerous new plugin events will improve the plugin development and published items can easily moved back to drafts.
Nucleus CMS version 3.40 is available as full package on the download page. To upgrade from a previous version you can download two zip packages that are used to upgrade the database structure and to upgrade the files. More information can be found on the upgrade page.
We recommend Nucleus CMS v3.40 for new installations. If you are running a Nucleus CMS v3.3x installation you can benefit from the various feature improvements and bug fixes. Under certain server configurations the new version can help you to avoid security risks.
You can find a comprehensive list of the changes in Nucleus CMS v3.40 in the extended part of this item:
- Address possible directory traversal vulnerability in the media manager under certain configurations.
- Include and recommend .htaccess files in media/, and skins/ folders to restrict execution of PHP code from these locations.
- Include and recommend .htaccess files in nucleus/libs/ folder to prevent direct web server access to the nucleus core PHP files.
- New member-level option to disable the auto-save feature.
- Numerous new Plugin API events and class methods for use by plugin developers.
- Improved handling of special skin parts.
- Prevention of double comments.
- Various improvements to data presentation in admin area.
- Update of help files, for users and developers.
- New global configuration setting to set the default size of lists in the admin area.
- New global configuration setting to enable debug mode for nucleus variables.
- Allow published items to be moved back to drafts.
- Install script now ready for non-english languages.
- New parameters on bloglist skin variable to customize the sort order of the listed blogs.
- Comment user names cleared from database when user registers with name longer than 16 characters.
- Ping does not occur when item is added by New Category.
- Database backup not generating standard mysql syntax.
- Plugin option not generated properly under certain conditions.
- Permission settings of uploaded files not effecive.
- Admin area generates invalid XHTML code.
- ValidateForm event not working properly.
- Time generation error when editing item.
- Plugin API, incorrect operation order.
- variable not correct in COMMENT template fields.
- Bookmarklet height increased.
- Case sensitivity of ItemVars causing issues.
- Global redirect function blocking URLs with valid * character.
- Content type of bookmarklet causing errors for users with certain plugins installed.
- Global $CONF['Self'] variable is set improperly.
- bloglist variable causes errors with certain parameters.