1.5.0 RC

What's Changed

• Prepare the documentation for 1.5.0 by @fiammybe in #1215
• Updated branch references & readme by @MekDrop in #1223
• Delete htdocs/editors/tinymce directory by @fiammybe in #1273
• Remove openid by @fiammybe in #1274
• align syntax of DB interface and mysql implementation with PDO by @fiammybe in #1287
• prepare for 1.5.0 beta by @fiammybe in #1286
• Fix mailuser by @fiammybe in #1288
• Cleanup all deprecated files and functions in the core by @fiammybe in #1320
• Fixes DB interfaces incompatibilies between different PHP versions by @MekDrop in #1321
• Fixes DB crash if DB encoding value is empty by @MekDrop in #1322
• Fix: notice undefined index utf8 in htdocs/install/page_dbsettings.php on line 138 by @MekDrop in #1323
• Remove get_magic_quotes_gpc calls by @MekDrop in #1327
• Cookie hardening by @fiammybe in #1331
• removing files from previous versions that are no longer there by @fiammybe in #1330

Full Changelog: v1.4.4...v1.5.0-rc

v1.5.0 beta

The 1.5 branch will move to support PHP 7.4 and PHP 8.0, alongside support for MySQL 8. We also did some housekeeping by removing rarely-used external parts such as the OpenID login or the outdated TinyMCE integration.

What's Changed

• Prepare the documentation for 1.5.0 by @fiammybe in #1215
• Updated branch references & readme by @MekDrop in #1223
• Remove TinyMCE by @fiammybe in #1273
• Remove openid by @fiammybe in #1274
• align syntax of DB interface and mysql implementation with PDO by @fiammybe in #1287
• prepare for 1.5.0 beta by @fiammybe in #1286
• Fix mailuser by @fiammybe in #1288

Full Changelog: v1.4.4...v1.5.0-beta

v1.4.4

What's Changed

• Applying the filters to inner elements of arrays by @skenow in #1162
• Additional input filtering - mailusers, findusers, checkVarArray inner elements by @skenow in #1163
• Filtering updates for blocksadmin and mailusers by @skenow in #1164
• Prepare 1.4.4 by @fiammybe in #1171

Full Changelog: v1.4.3...v1.4.4

v1.4.3

What's Changed

• Fixed some warnings and notices in installer for newer PHP versions by @MekDrop in #882
• Protector get_magic_quotes_gpc fix for php 7.4 by @MekDrop in #884
• Smiles in misc.php now are escaped by @MekDrop in #890
• Fix "#881 trying to send mails with SMTP auth gives missing smtp class" by @MekDrop in #889
• Added exception handler by @MekDrop in #888
• Fixed bug when handlers from module separate files cant be loaded by @MekDrop in #887
• Fixes 'Notice: Only variables should be passed by reference in /home/vagrant/impresscms/htdocs/libraries/icms/config/Handler.php on line 237' by @MekDrop in #886
• Fixed bug when admin menu can't regenerate when module folder is removed before uninstalling by @MekDrop in #897
• Fixed syntax error in include/registerform.php by @MekDrop in #896
• fix vulnerability in autoloader by @fiammybe in #913
• block path traversal in image editor, transform .. to _ by @fiammybe in #915
• Fixes/ipf table filtering - limitsel missing POST value by @skenow in #937
• Adjusted template file inclusion for correct path. Fixes #603 by @skenow in #944
• Increase input sanitizing for system module and submodules by @skenow in #943
• Dev/jquery inclusion by @skenow in #935
• Fix for modules admin; user language files - fix #948 by @skenow in #949
• Update release_notes.md by @fiammybe in #1058
• Added filtering to the input in setSortOrder in icms_ipf_table by @fiammybe in #966
• filter url variable in findusers.php by @fiammybe in #967
• Remove the old FCKEditor - no longer supported by @fiammybe in #833
• add CKEditor 4.17.1 by @fiammybe in #1095
• Protector updates - PHP8 compatibility, update and remove legacy code by @skenow in #1098
• Preparations for the 1.4.3 RC release by @fiammybe in #1099
• Add a default parameter to addSlashes by @fiammybe in #1108
• Improvements in findusers logic and filtering by @skenow in #1110
• Undefined language constants for CKeditor in general preferences by @skenow in #1111
• Accept token for valid users only by @skenow in #1115
• User cookie could be contaminated - filter added by @skenow in #1117
• Protector enhancements and added security by @skenow in #1118
• Prepare 1.4.3 RC2 release by @fiammybe in #1109
• Making sure protector gets installed during the site installation by @skenow in #1137
• Changing filter method for request_uri to filter_sanitize_string by @skenow in #1136
• Fix for information displayed in protector admin and debug console by @skenow in #1154
• release 1.4.3 by @fiammybe in #1155

Full Changelog: v1.4.2...v1.4.3

v1.4.3-rc2

What's Changed

• Fixed some warnings and notices in installer for newer PHP versions by @MekDrop in #882
• Protector get_magic_quotes_gpc fix for php 7.4 by @MekDrop in #884
• Smiles in misc.php now are escaped by @MekDrop in #890
• Fix "#881 trying to send mails with SMTP auth gives missing smtp class" by @MekDrop in #889
• Added exception handler by @MekDrop in #888
• Fixed bug when handlers from module separate files cant be loaded by @MekDrop in #887
• Fixes 'Notice: Only variables should be passed by reference in /home/vagrant/impresscms/htdocs/libraries/icms/config/Handler.php on line 237' by @MekDrop in #886
• Fixed bug when admin menu can't regenerate when module folder is removed before uninstalling by @MekDrop in #897
• Fixed syntax error in include/registerform.php by @MekDrop in #896
• fix vulnerability in autoloader by @fiammybe in #913
• block path traversal in image editor, transform .. to _ by @fiammybe in #915
• Fixes/ipf table filtering - limitsel missing POST value by @skenow in #937
• Adjusted template file inclusion for correct path. Fixes #603 by @skenow in #944
• Increase input sanitizing for system module and submodules by @skenow in #943
• Dev/jquery inclusion by @skenow in #935
• Fix for modules admin; user language files - fix #948 by @skenow in #949
• Update release_notes.md by @fiammybe in #1058
• Added filtering to the input in setSortOrder in icms_ipf_table by @fiammybe in #966
• filter url variable in findusers.php by @fiammybe in #967
• Remove the old FCKEditor - no longer supported by @fiammybe in #833
• add CKEditor 4.17.1 by @fiammybe in #1095
• Protector updates - PHP8 compatibility, update and remove legacy code by @skenow in #1098
• Preparations for the 1.4.3 RC release by @fiammybe in #1099
• Add a default parameter to addSlashes by @fiammybe in #1108
• Improvements in findusers logic and filtering by @skenow in #1110
• Undefined language constants for CKeditor in general preferences by @skenow in #1111
• Accept token for valid users only by @skenow in #1115
• User cookie could be contaminated - filter added by @skenow in #1117
• Protector enhancements and added security by @skenow in #1118
• Prepare 1.4.3 RC2 release by @fiammybe in #1109

Full Changelog: v1.4.2...v1.4.3-rc2

v2.0.0 alpha 12

What's Changed

🚀 Features

• Themes installed as composer dependencies @MekDrop (#1106)
• Added posibility to specify default block weight, position and visibility @MekDrop (#1105)
• Enable migrations for modules in module installer/updating/removing @MekDrop (#1104)
• RedirectResponse now can be used for same things as redirect_header @MekDrop (#1092)
• Move content.php to content module @MekDrop (#1082)
• Misc.php as controller @MekDrop (#1080)
• Rewrite admin.php as controller @MekDrop (#1079)
• Add smarty url function @MekDrop (#1078)
• Replaced league router with sunrise http router @MekDrop (#1077)
• Install system module from composer @MekDrop (#1075)
• Rewritten privpolicy.php with controller @MekDrop (#1071)
• Corrected DataFilter class usage @MekDrop (#1070)
• image.php rewritten as controller action @MekDrop (#1068)
• PHP 8.0 & PHP 8.1 support @MekDrop (#1053)

🐛 Bug Fixes

• Fixed incorrect urls for PageNav generated links @MekDrop (#1107)
• Enable migrations for modules in module installer/updating/removing @MekDrop (#1104)
• Fixed module block titles/names from constants resolving @MekDrop (#1103)
• Fixes few issues with page_modulesinstall.php for installer @MekDrop (#1102)
• Add IcmsPersistableController to legacy class resolving map @MekDrop (#1101)
• Remove few system module services that was previously defined in core @MekDrop (#1093)
• Fixes system module upgrading from installer @MekDrop (#1091)
• Fixes some old class references resolving for some older modules @MekDrop (#1087)
• Fixes crash when not correct order comes from user data for table @MekDrop (#1086)
• Fixed namespaces issues for never PHP in footer.php and header.php @MekDrop (#1083)
• Fixed legacy url index.php resolving when they are described as paths @MekDrop (#1084)
• Use new version imponeer/smarty-db-resource @MekDrop (#1013)
• Corrected DataFilter class usage @MekDrop (#1070)
• Fixed crashing translator when translation folder contains index file @MekDrop (#1072)
• Fixed bug when HTTP headers for modules that doesn't use controllers where stripped @MekDrop (#1061)
• Fixed media uploader sizes checks when there is no limit set @MekDrop (#1069)
• image.php rewritten as controller action @MekDrop (#1068)
• Fixed 'Class "ImpressCMS\Core\Database\Legacy\Updater\ReflectionClass" not found' bug @MekDrop (#1066)
• Fixed fatal error (PHP 8.x) when config item doesn't have a description @MekDrop (#1067)
• Fixed bug when legacy module crashed due translations constants not loaded at correct time @MekDrop (#1065)
• Fixed rights check for legacy URL modules @MekDrop (#1064)
• Fixed module model resolving to be able to work with PHP 8.x @MekDrop (#1063)
• Fixed module submenu counting bug for PHP 8.x @MekDrop (#1062)
• Fixed bug when version getting failed for never PHP in system admin @MekDrop (#1060)
• Fixed translation loading for module admin menus @MekDrop (#1059)
• PHP 8.0 & PHP 8.1 support @MekDrop (#1053)

🧰 Maintenance

• Bump .homestead from 9cbb84c to 6dd850d @dependabot (#1116)
• Bump .homestead from 56650de to 9cbb84c @dependabot (#1097)
• Bump actions/cache from 2.1.6 to 2.1.7 @dependabot (#1094)
• Add smarty url function @MekDrop (#1078)
• Bump .homestead from ee603d7 to 56650de @dependabot (#1076)

v1.4.3-rc

What's Changed

• Fixed some warnings and notices in installer for newer PHP versions by @MekDrop in #882
• Protector get_magic_quotes_gpc fix for php 7.4 by @MekDrop in #884
• Smiles in misc.php now are escaped by @MekDrop in #890
• Fix "#881 trying to send mails with SMTP auth gives missing smtp class" by @MekDrop in #889
• Added exception handler by @MekDrop in #888
• Fixed bug when handlers from module separate files cant be loaded by @MekDrop in #887
• Fixes 'Notice: Only variables should be passed by reference in /home/vagrant/impresscms/htdocs/libraries/icms/config/Handler.php on line 237' by @MekDrop in #886
• Fixed bug when admin menu can't regenerate when module folder is removed before uninstalling by @MekDrop in #897
• Fixed syntax error in include/registerform.php by @MekDrop in #896
• fix vulnerability in autoloader by @fiammybe in #913
• block path traversal in image editor, transform .. to _ by @fiammybe in #915
• Fixes/ipf table filtering - limitsel missing POST value by @skenow in #937
• Adjusted template file inclusion for correct path. Fixes #603 by @skenow in #944
• Increase input sanitizing for system module and submodules by @skenow in #943
• Dev/jquery inclusion by @skenow in #935
• Fix for modules admin; user language files - fix #948 by @skenow in #949
• Update release_notes.md by @fiammybe in #1058
• Added filtering to the input in setSortOrder in icms_ipf_table by @fiammybe in #966
• filter url variable in findusers.php by @fiammybe in #967
• Remove the old FCKEditor - no longer supported by @fiammybe in #833
• add CKEditor 4.17.1 by @fiammybe in #1095
• Protector updates - PHP8 compatibility, update and remove legacy code by @skenow in #1098
• Preparations for the 1.4.3 RC release by @fiammybe in #1099

Full Changelog: v1.4.2...v1.4.3-rc

v2.0.0 alpha 11 🌈

What's Changed

🚀 Features

• Added ImpressCMS/codemirror-integration to default installation & fixed installer bug for installing from there @MekDrop (#1051)
• Added asset-packagist repo to composer for installing frontend assets as composer packages (if there is a need) @MekDrop (#1019)
• Added phpseclib/bcmath_compat to make it possible to install without bcmath extension @MekDrop (#1000)
• Remove all editors from core @MekDrop (#800)
• PARTIAL use editor contracts from imponeer to make editors plugable @MekDrop (#1007)
• Do not show module version for unreleased modules in modules admin @MekDrop (#1012)
• Available modules list function now uses module describers @MekDrop (#1011)
• Added possibility for module to copy assets from vendor/ @MekDrop (#1005)
• Use criteria lib from Imponeer @MekDrop (#927)
• Using Composer 2.x API for internal operations @MekDrop (#796)
• Most of Smarty plugins now implemented as composer libraries from @imponeer + xoops_link smarty function removed @MekDrop (#919)
• add install instructions to readme for 2.0 @fiammybe (#917)
• Added smarty 'trans' block and 'trans' variable modifier for translations @MekDrop (#874)
• Added ping to extend sessions automatically @MekDrop (#869)
• Fix/Improvement for cases when a theme was selected but than removed @MekDrop (#855)
• Removed reflex theme from core @MekDrop (#854)
• Site closed view functionality as dynamic SiteClosedMiddleware @MekDrop (#725)
• Code about multi_login moved from common.php into separate HTTP Middlware @MekDrop (#724)
• Session moved from container to middleware + theme changing now from HTTP middleware @MekDrop (#723)
• Added possibility to describe themes (also support for composer themes!) @MekDrop (#770)
• Added possibility to load modules definitions from different type of info files (like icms_version.php or composer.json) @MekDrop (#768)
• Smarty plugins can now be defined as services in container @MekDrop (#752)
• System waiting block is now can be expanded with services defined in container @MekDrop (#750)
• Upgraded middlewares/referrer-spam to 2.0.2 for PHP 8.0 and Composer 2.0 supporr @MekDrop (#826)
• Replace "ICMS_URL . '/modules/' -> ICMS_MODULES_URL . '/'" and "ICMS_ROOT_PATH . '/modules/' -> ICMS_MODULES_PATH . '/'" @MekDrop (#749)
• Using properties instead of setVar when setting database object properties everywhere where is possible @MekDrop (#745)
• Added new translator service @MekDrop (#801)
• Use league/mime-type-detection for dealing with mimetype detection & deprecated icms_Utils @MekDrop (#738)
• Using object property instead of getVar everywhere where is possible @MekDrop (#744)
• Fixed #733: Rename using the proper naming convention (This is a public var) @MekDrop (#736)
• Removed some old openid related code + migration to update openid related fields @MekDrop (#747)
• Added Roave Security Advisories to composer [dev] @MekDrop (#742)
• Encrypt cookies automatically with middleware if such preference is set @MekDrop (#740)
• Timers visible as Server-Timing header (using HTTP Middleware) @MekDrop (#727)
• Messengers fields from user settings where removed @MekDrop (#746)
• Fixed 'Rename using the proper naming convention (this is a public var)' for #731 @MekDrop (#737)
• Removed old style redirect @MekDrop (#726)
• Using FireWall middleware for bad ips checking instead of Security class @MekDrop (#720)
• Replaced DB_SALT env variable with APP_KEY @MekDrop (#739)
• Removes textsanitizer plugins and default DHTMLEditor @MekDrop (#735)
• Removed checkSuperGlobals from Security class @MekDrop (#721)
• Checks referers with HTTP middleware instead of security class @MekDrop (#719)
• Upgraded phpunit to 9.4 and test to make sure PHP 8.0 compatible @MekDrop (#802)
• Changed way how paths in subfolder would be handled @MekDrop (#797)

🐛 Bug Fixes

• Added ImpressCMS/codemirror-integration to default installation & fixed installer bug for installing from there @MekDrop (#1051)
• Fixes few installer errors @MekDrop (#1020)
• Fixed template file source resolving for tplsets @MekDrop (#1018)
• Use editor contracts (second part) @MekDrop (#1017)
• Fixed wrong constant for uptating module config data @MekDrop (#1016)
• Fixes bug with constants translations for console @MekDrop (#1015)
• Fixed bug when module model couldn't load unreleased module info @MekDrop (#1014)
• If database was already initialized, do not go back in installer without message @MekDrop (#1009)
• Better non installed icms detection @MekDrop (#1008)
• Added phpseclib/bcmath_compat to make it possible to install without bcmath extension @MekDrop (#1000)
• Remove all editors from core @MekDrop (#800)
• Available modules list function now uses module describers @MekDrop (#1011)
• Fixed bug when composer.json module describer failed with unreleased modules due release date @MekDrop (#1010)
• Fixed bug when there are no editors of type @MekDrop (#1006)
• Fixed a bug for templates during installation @MekDrop (#1003)
• Fix bug with mindplay/composer-locator old version @MekDrop (#1001)
• Fixed few security issues with packages @MekDrop (#974)
• Fixed tuupola/server-timing-middleware requirements @MekDrop (#975)
• CacheClearSetup steps moved to same namespace/path as other steps @MekDrop (#892)
• Smiles in misc.php now are escaped @MekDrop (#891)
• Fixed bug when was not possible to automatically resolve correct Route Strategy service due missing escape character in beginning @MekDrop (#870)
• Fix/Improvement for cases when a theme was selected but than removed @MekDrop (#855)
• Fixed includeq not working in smarty anymore bug @MekDrop (#849)
• Fixed null response bug for root path instalations @MekDrop (#844)
• Fixed bug with too long cookie names for Table component @MekDrop (#842)
• Upgraded middlewares/referrer-spam to 2.0.2 for PHP 8.0 and Composer 2.0 supporr @MekDrop (#826)
• Fixed #733: Rename using the proper naming convention (This is a public var) @MekDrop (#736)
• Remove whitesource config @MekDrop (#837)
• Removed some old openid related code + migration to update openid related fields @MekDrop (#747)
• Messengers fields from user settings where removed @MekDrop (#746)
• Fixed 'Rename using the proper naming convention (this is a public var)' for #731 @MekDrop (#737)
• Fixed short if bug for newer PHP in BlockHandler @MekDrop (#798)
• Prevents using submitted filenames with ../ for modelcontroller @MekDrop (#813)
• Fixed possible file system exposing due language cookie on installer (reported by hackerone_success) @MekDrop (#822)
• switch to a more explicit form of comparison @fiammybe (#809)
• Changed way how paths in subfolder would be handled @MekDrop (#797)
• Fix '0.0.0/composer-include-files 1.5.0 requires composer-plugin-api ^1.0 -> found composer-plugin-api[2.0.0] but it does not match the constraint.' with newer composer @MekDrop (#787)
• Fixes deprecation 'Array and string offset access using curly braces' @MekDrop (#786)

🧰 Maintenance

• Bump monolog/monolog from 2.3.2 to 2.3.4 @dependabot (#995)
• Bump symfony/translation from 5.3.7 to 5.3.9 @dependabot (#996)
• Bump league/mime-type-detection from 1.7.0 to 1.8.0 @dependabot (#997)
• Bump phpunit/phpunit from 9.5.4 to 9.5.10 @dependabot (#998)
• Bump .homestead from 42def2e to ee603d7 @dependabot (#994)
• Bump .homestead from 7192301 to 42def2e @dependabot (#986)
• Bump symfony/translation from 5.2.6 to 5.3.7 @dependabot (#987)
• Bump symfony/console from 5.2.6 to 5.3.7 @dependabot (#988)
• Bump phpmailer/phpmailer from 6.5.0 to 6.5.1 @dependabot (#991)
• Bump lulco/phoenix from 1.9.0 to 1.10.0 @dependabot (#989)
• Bump league/flysystem from 1.1.4 to 1.1.5 @dependabot (#990)
• Bump lulco/phoenix from 1.7.0 to 1.9.0 @dependabot (#980)
• Bump league/container from 3.3.5 to 3.4.1 @dependabot (#982)
• Bump http-interop/http-factory-guzzle from 1.0.0 to 1.2.0 @dependabot (#983)
• Bump monolog/monolog from 2.2.0 to 2.3.2 @dependabot (#981)
• Bump .homestead from cb987fb to 7192301 @dependabot (#979)
• Bump symfony/polyfill-iconv from 1.22.1 to 1.23.0 @dependabot (#984)
• Bump actions/stale from 3.0.19 to 4 @dependabot (#977)
• Bump phpmailer/phpmailer from 6.4.1 to 6.5.0 @dependabot (#976)
• Fixed few security issues with packages @MekDrop (#974)
• Fixed tuupola/server-timing-middleware requirements @MekDrop (#975)
• Bump .homestead from 47ce122 to cb987fb @dependabot (#973)
• Use criteria lib from Imponeer @MekDrop (#927)
• Bump .homestead from 51bc66d to 47ce122 @dependabot (#970)
• Bump actions/cache from 2.1.5 to 2.1.6 @dependabot (#969)
• skip vulnerable versions of composer/composer @fiammybe (#968)
• Bump actions/stale from 3.0.18 to 3.0.19 @dependabot (#964)
• Bump phpmailer/phpmailer from 6.4.0 to 6.4.1 @dependabot (#963)
• Bump middlewares/base-path from 2.0.1 to 2.1.0 @dependabot (#960)
• Bump defuse/php-encryption from 2.2.1 to 2.3.1 @dependabot (#961)
• Bump symfony/console from 5.2.3 to 5.2.6 @dependabot (#959)
• Bump league/mime-type-detection from 1.5.1 to 1.7.0 @dependabot (#957)
• Bump actions/cache from v2.1.4 to v2.1.5 @dependabot (#956)
• Bump .homestead from 9923e00 to 51bc66d @dependabot (#958)
• Bump lulco/phoenix from 1.5.0 to 1.7.0 @dependabot (#962)
• Bump phpunit/phpunit from 9.5.2 to 9.5.4 @dependabot (#951)
• Bump symfony/translation from 5.2.3 to 5.2.6 @dependabot (#952)
• Bump phpmailer/phpmailer from 6.3.0 to 6.4.0 @dependabot (#953)
• Bump league/container from 3.3.3 to 3.3.5 @dependabot (#954)
• Bump .homestead from 455252c to 9923e00 @dependabot (#950)
• Bump symfony/polyfill-iconv from 1.20.0 to 1.22.1 @dependabot (#955)
• Bump actions/stale from v3.0.17 to v3.0.18 @dependabot (#938)
• Bump symfony/translation from 5.2.2 to 5.2.3 @dependabot (#931)
• Bump league/route from 4.5.0 to 4.5.1 @dependabot (#930)
• Bump phpmailer/phpmailer from 6.2.0 to 6.3.0 @dep...

v1.4.2

This release fixes several bugs that were found during the HackerOne initial penetration test run on the 1.4.1 release. Some improvements and bugfixes are present as well.

This is a repackaged version of 1.4.2, because a small fix in the installer was necessary.

Fixes

• #574 Test 1.4 on PHP 7.4 PHP7 (fiammybe)
• #692 Include new version of profile PHP7 (fiammybe)
• #845 PHP 7.4 : access array offset on value of type null in include/functions.php 1037 php 7.4 (fiammybe)
• #852 anti-clickjacking security vulnerability (report #1055589 by jrckmcsb on HackerOne) (fiammybe)
• #825 Improve path sanitizing bug security vulnerability (MekDrop)
• #814 Better sanitize database queries in installer bug (report #983710 by solov9ev on HackerOne) (fiammybe)
• #637 Notice on admin pages in PHP 7.4 duplicate php 7.4 (fiammybe)
• #843 Fix the amount of cookies (fiammybe)
• #805 Missing templates in system module (skenow)
• #838 Remove whitesource config (Mekdrop)
• #834 + #836 Limit maximum length of password (report #1033373 by f1v3 on HackerOne) (fiammybe)
• #821 Fixed possible file system exposing due language cookie on installer (MekDrop)
• #812 Prevents using submitted filenames with ../ for controller (report #1035311 by siva12 on HackerOne) (MekDrop)
• #815 Better sanitize database queries in installer (report #983710 by solov9ev on HackerOne) (fiammybe)
• #811 Remove phpopenid example folder bug (report #1042838 by hackerone_success on HackerOne) (fiammybe)
• #810 more strict comparison of variables (report #1036883 by hodorsec on HackerOne) (fiammybe)
• #806 Include the missing templates for the image manager (skenow)
• #603 Issue with image inclusion on TinyMCE (fiammybe)

Improvements

• #636 errors in form fields on admin account creation page of the installer (fiammybe)
• #848 Cleanup deprecated functions in functions.php (fiammybe)
• #694 remove the icms_banner reference. No longer present (fiammybe)

1.4.2 Release Candidate

A bugfix and security release :

• Limit Maximum length of password (#836)
• Fixed possible file system exposing due language cookie on installer (#821)
• Better sanitize DB queries in installer (#815)
• Prevents using submitted filenames with ../ (#812 )
• Stricter comparison of variables (#810)
• Include the missing templates for the image manager (#806)
• Remove the icms_banner references - no longer present (#694)