5.6.4.0 Release Notes

Improvements?

Let us know by posting here.

5.6.4.0 is very likely the last release of legacy concrete5. It features:

  • Fixes a vulnerability which permitted authenticated users to view the contents of arbitrary messages sent through the My Account section (Learn more at https://www.concrete5.org/about/blog/security/messaging-system-vulnerability)
  • PHP7 compatibility
  • User avatar updated to run without flash
  • Email validation fixed to allow TLDs with more than 3 characters
  • Multi-byte support in email validation
  • Short tags removed