Mambo CMS - Celebrating 6 years of freedom.

MOStlyCE Important Update

We are proud to bring you MOStlyCE version 3. This represents the first major release for MOStlyCE in several years.

Release Notes:

• Upgraded to the latest TinyMCE v3.0 core which was a full rewrite for the project. This includes tons of bug fixes, better cross browser support (Safari too), cleaner code, etc.
• Security holes closed and additional security checks added
• Resolved outstanding compression and spellchecker issues. They should both be working now in most common browsers/environments.
• Added new pagebreak toolbar option which inserts a more visible indicator
• Added new dropdown selection lists for images stored under /images/stories and for linking to existing sections, categories, or content
• MOStlyCE is now distributed as a single .zip file. There are three parts to the package; the mostlyce mambot, the mostlyce admin component, and the mostlyce frontend component (needed for the new dynamic link list features). All three parts are required for proper functionality of this extension.

Version 2.x of MOStlyCE is now deprecated and version 3 is now recommended for all Mambo 4.6+ users. We encourage you to upgrade to take advantage of the latest developments and increased security.

See the official doc page for more information and upgrading tips.

Also in order to manage releases better and keep things a bit cleaner we have created a stand-alone project on the forge for MOStlyCE. You can find that new project page here. It is still being distributed with the Mambo core, but releases for MOStlyCE that come outside of normal core releases will be found there.

The Mambo Team announces the final release of the Mambo 4.5.x series of releases. This marks the end of an era for one of the web's most popular Free Open Source Software (FOSS) Content Management Systems (CMS). The enormous success of Mambo 4.5.x led to many forks, some successful, some less so. "Mambo 4.5 has been a great CMS, a good framework, and a great school to many of us", says Ozgur Cem Sen, Core Team Leader of Mambo.

"We have been overwhelmed with the positive feedback we've received for the Mambo 4.6.x series, initially released over 16 months ago", continues Mr. Sen. "We encourage all Mambo users to upgrade to the latest stable release of Mambo 4.6."

During the last several months, the Mambo Team has been working very hard on the upcoming Mambo 4.7, as well as maintaining and doing minor development on Mambo 4.6.x. The Mambo Team also has been discussing Mambo 5. "It is time to look forward, and focus our efforts towards growth", says Nicolas Steenhout, Secretary of the Mambo Foundation, Inc.

Project Leader, Chad Auld says that this is both a sad and an exciting time for Mambo. "It is always sad to see software reaching the end of development," Chad says, "Mambo 4.5 has been with us for many years". He adds, "Mambo 4.5's time has passed and Mambo is moving forward to an even better future. With 4.7 getting closer to release and planning under way for Mambo 5.0, we have exciting things coming."

Team Mambo supports those sentiments and wishes to thank everyone who contributed to Mambo 4.5. This is an exciting step forward for Mambo and one which the Team hopes will be supported by the community.

Farewell Mambo 4.5!

What's Changed?

1) Hardened security.
2) Updated mod_templatechooser to improve security.
3) Fixed a small issue with the PDF code.
4) Fixed a PHPMailer issue
5) Fixed login and logout redirection issue.

Mambo 4.5.6 is code named "Sunset".

You can download Mambo 4.5.6 from the Mambo Code forge here:
http://mambo-code.org/gf/project/mambo/frs/?action=FrsReleaseView&release_id=304

While there, you may like to click on the link to the forge sponsors site. Every project hosted on the forge is offered free hosting for the project on BuyHTTP and they have some good deals going for Mambo hosting too. Support for our sponsors directly helps the Mambo project.

If you have any reminiscences or thoughts to share about the sunset of the Mambo 4.5 branch you can discuss them here: http://forum.mambo-foundation.org/showthread.php?t=9843

Team Mambo announces the release of Mambo 4.6.3!

Code name "Dylan", this minor version release features a number of security improvements and bug fixes.

These include:

• Stability & security improvements
• Performance improvements
• A number of bug fixes
• Improved compatibility with 3rd party extensions
• Updates to some core extensions

What's New in 4.6.3...

Security Fixes:

*php mailer security fix.
*template chooser security fixes
*XSS fixes in administrator backed
*sample configuration file renamed to configuration.sample.php

Bug Fixes:

*fixed banner manager custom-code bugs
*fixed mambo admin template install problem
*fixed special vs. registered users menu access related problems
*fixed login component redirection
*fixed line breaks in emails in Mambo
*fixed missing links in pathway
*fixed problems with module ordering affecting menus
*fixed an xml parser problem in the installer
*fixed section module problems related to Itemid.
*fixed content editing resulting in overriding the article creator
*fixed incorrect escaping of weblinks' titles, description

Enhancements:

*mostlyce upgraded to 2.4
*mostlydbadmin upgraded to 1.5
*geshi upgraded to 1.0.7.20
*enhanced editor initializing
*enhanced weblinks component, so the target param is not confusing anymore
*updated the sample data so Mambo links will be up-to-date with the recent Mambo sites changes
*Some XHTML compliance work
*added option to block the blocked users in the mass email
*added mosshowhead and some helper classes to select/exclude head tags
*added module buffering
*added the ability to delete superadmins
*added search feature in language manager
*added onAfterStart mambot trigger
*compressed js and css files for improved performance

Mambo 4.6.3, including upgrade files, can be found on the Mambo Code forge here: http://mambo-code.org/gf/project/mambo/frs/

Because Mambo 4.6.3 is a security and maintenance release we advise everyone using Mambo 4.6 - 4.6.2 to upgrade. If you are not running Mambo 4.6.2 then you should patch up to this version prior to applying this new patch. Upgrade instructions are provided in the patch download - please read the instructions!

Note about Mambo Security.

Each of the security fixes relates to vulnerabilities that have the potential for exploit. There have been no known cases of them actually being exploited and most relate to backend/administrator security weaknesses that would first require someone to be logged into the backend.

A Secunia advisory reported a "proof of concept" regarding two potential security flaws in 4.6.2 (http://secunia.com/advisories/28133/). Only one of the reported flaws had any potential to insert code and even then, the code could not be executed. The result of extensive testing showed that where a user was using an unpatched version of IE6 it was possible to enter raw text into one form in Mambo 4.6.2. While this would not compromise a site because the script could not actually run, the vulnerabilities in IE6 could result in a small amount of unwanted text appearing below a form.

While this flaw was really a browser flaw (that has been fixed in recent updates to IE6) we blocked the hole that allowed unauthorised text to be inserted.

The Secunia advisory does not relate to Mambo 4.5.5.

While the 4.6.2 security vulnerabilities are low level, we prefer everyone to be running sites that have a high level of protection and the bug fixes, feature and performance improvements make this a very worthwhile upgrade.