OneThird CMS

Lightweight CMS for Small website, Web application framework.

Download Document


About security updates

As many of you may have noticed, a security alert will appear when you open the backup tool.

The security update version v1.96(g) has already been released in April.

Sorry for the late announcement.

The main correction point is the deletion of support for older browsers.

At the same time, we have stopped publishing the file management plug-in.

This is because the embedded elFinder has a vulnerability.

If you are using it, please pay close attention to its use immediately.

In the future, we will stop supporting the file management tool itself.

The reason is that file management tools that use external modules are susceptible to vulnerabilities and cannot be fully supported here.

Instead, we will publish a method to incorporate an external module as a OneThird CMS plug-in at a later date. Regarding elFinder, you will have to install the latest version each time at your own discretion.

In addition, it does not take a lot of man-hours to incorporate. We will prepare the document so that it can be done in about 30 minutes, so please wait for a while.

Also, when operating with SQLite, the extension is ".db" by default, but if you rename this, there is a risk that the database will be leaked to the outside. Also, even if you do not rename it, there is a risk that it can be easily viewed by a third party depending on the settings, so please be careful if you use SQlite.

* In the next version, the old file management plug-in will be forcibly uninstalled. An alternative method will be announced by the next security improvement example, so please work on it.

* Nginx is not officially supported, but it is operable. Please note that .db is displayed by default on the same web server.

Google Website Translator - Google Translate