Get articles in your inbox!Subscribe

Textpattern CMS 4.4.0 released: focus on security

Site Index

This site uses affiliate links as a means of monetization.

A new release of Textpattern (news) is available. This version has a focus primarily on security and introduces a number of new changes to the way passwords are handled as well as general security fixes.

Some excerpts from the release announcement:

  • If you are running an Apache web server, rename the .htaccess-dist file in the /files directory to .htaccess to prohibit direct URL access to your files.
  • Previously, people with privileges set to ‘None’ could log in and just not see anything — Restricted area — for every tab. Now they are not even permitted entry.
  • We have relied on MySQL’s password function for a long time now. MySQL themselves do not recommend this and, moving forward to TXP 5, our goal is to open up the avenue for using other databases, so to rely on MySQL is counter to this philosophy. We have therefore taken the step of implementing phpass from this point forward.

    This has the implication that passwords are now case sensitive.

This release also mops up some bits and pieces that snuck into 4.3.0. Namely:

  • a few places that still used deprecated attributes, mostly in the tag builder
  • some Textile security fixes
  • a bug in <txp:variable /> when dealing with empty values
  • search engines shouldn’t index ‘Nice try’ messages any more
  • messy mode context and get_pref() bugs squashed

jQuery has also been upgraded to 1.5.1.

For the full announcement, or to download, visit:

CMS & Marketing / Textpattern CMS 4.4.0 released: focus on securityLast updated on January 5, 2019
Save Your Favorite Articles!
Create an account and save articles

Site Index