vulnerability update

Hi,

Id like clarification on the security update issued today for Site sculptor.

is the configuration file supposed to be copied to each site folder that only uses cms?

How do we update the actual extension in dreamweaver? will there be an update issued shortly for the extension itself?

cheers

I have a followup question. The file, configuration.php, seems to be a new version of the configuration for the file browser for HTML editor. But, if I overwrite using your new file, all of the "require_once" links are now wrong, and the folder settings on where I want files to upload are all overwritten and now wrong. Not sure if this "fix" was thought through correctly. I'll wait to hear more before applying update.

The initial instructions for the site sculptor fix had an error, we apologize for any inconvenience.

For each of your site sculptor sites, the updated configuration.php file should be copied to the following folder:
HTMLEditor/editor/plugins/kfm/configuration.php


to fix the issue in the extension for any new sites you create, copy the updated configuration.php to the following location under the users configuration folder (for help locating the configuration folder, see the Common Installation issues PDF:
common_installation_issues.pdf):

Shared\WebAssist\SiteSculptor\cms\files\HTMLEditor\editor\plugins\kfm\configuration.php


contact318852: If you had a webassist/kfm/configuration.php file in your site sculptor site, it would mean the power CMS installation in your site was either from the Power CMS 2.1.1 Solution pack or from Power CMS Builder which are not effected by this vulnerability.

Hi Jason,

Just to clarify your last post, - so Power CMS 2.1.1 Solution pack doesn't need the fix? The email notification about the vulnarability fixes says:

  . . . update all sites in which you are using PowerCMS 2.x.  

So that would be all sites using 2.x. EXCEPT PowerCMS 2.1.1?

Thanks

that is correct neilo, I clarified this in the readme file available in the download center by adding the following note:

NOTE: This fix is only needed for PowerCMS 2.1.0 and below. To determine if the fix is needed, look for the following file:
HTMLEditor/editor/plugins/kfm/configuration.php

If it does not exist, you are using version 2.1.1 and do not need to apply this fix.

Thanks Jason,

I did not see that readme when I downloaded the fix. The info in the email was contrary to that, so I wasn't looking for the fix fix!

Edit: Too confused now.

are you reading the notes next to the link? or are you reading the actual read me file contained in the downloaded zip? the note I referenced is in the readme.htm file that is the downloaded zip file.

Now I am reading the re-downloaded readme.htm file (I was looking at the notes before). I can see the 2.1.0 or less info, I missed it first time when I rushed into updating.

All is now clear, thanks.