C1 CMS 6.7
C1 CMS 6.7 (6.7.7240.24791)
Download
What’s new in C1 CMS 6.7?
This release is mostly focused on stabilization and fixes, including a critical security fix.
User Groups can now be assigned access to a given language, this was previously a “User only” setting. For federated authentication systems, where users are managed in AAD, this feature allow better control over language access.
When searching for media in the C1 Console, tags on media are available as facets for result filtering.
Critical security fix
Critical security fix for a Remote Code Execution vulnerability, where a C1 Console user (with any access level) can complete a remote code execution attack on the website. This vulnerability cannot be exploited by anonymous users, but we urge all our users to upgrade to this release at the earliest convenient time. MITRE reference: CVE-2019-18211.
Free automated upgrade
To best protect you, Orckestra is providing free, immediate and direct access to our automated upgrade feature – any C1 installation from 2011 and later can now be upgraded to this release, free of charge.
Details on the exploit should be expected to be published within one month. We suggest you upgrade to this release before January 2020.
For guidance on upgrade, please see issue #696
A big thanks to Florian Hauser, security analyst at @codewhitesec https://twitter.com/codewhitesec, for taking the time to analyze, document and report the vulnerability in a thorough and responsible way.
Minor changes and bug fixes
- Fixing issue with Chrome v74 and later, breaking the calendar UI in the C1 Console.
- In the C1 Console, a “another user is editing this” warning was erroneously shown when another user was editing other language versions of the page.
- Fixing issue with resolving data/page relations, which fx could lead to blog posts from one subsite to appear in search results on another subsite
- Fixing issue preventing you from running C1 in a virtual folder
- Page rendering, fixing issue where duplicate meta tags would surface the first encountered (in a depth first search) rather than the last. This fix ensure you can overwrite a ‘common’ meta tag in the template fx, from an embedded C1 Function.
For a list of all issues fixed in this release, see issues closed in C1 CMS 6.7