Added on March 12, 2020
by Insercorp Development Team
03/12/2020: Includes Security Improvements as well as Updates for the PlasmaDrive, Exit Gate, and Form Manager
The Insercorp Development Team has released an update which includes system updates to mitigate potential security vulnerabilities, resolves an issue related to managing categories in the PlasmaDrive, security improvements and bug fixes for the Exit Gate, and User Interface / User Experience improvements for the Form Manager.
iPlasmaCMS2 version 8.5.1
Security Improvements
- Removed older JavaScript libraries to prevent exploitation of deprecated code
- Removed a configuration file to prevent the exposure of possible sensitive information
- Removed a readme file to protect source code and directory structures
PlasmaDrive
Exit Gate (for .GOV Websites)
- The Exit Gate which warns users when they are leaving the website after clicking a link to an external website had a potential vulnerability which could allow for a redirection exploit. The Exit Gate has been updated to prevent a redirection attack.
- Previously when certain special characters were included as part of a URL for an external website hyperlink the Exit Gate did not properly redirect Website Visitors to the intended URL. This has been fixed so that the Exit Gate will properly forward to the linked URL.
Form Manager
- The interface to manage Automated Email Receipts sent when a Website Visitor submits a Form has been re-designed to include the ability to customize the email Subject, attach an image, and includes a new email-friendly basic WYSIWYG Editor to customize the email’s font styles.
- The Receipt tab now includes a Preview of the Automated Email to allow Website Administrators to see how the email will look as they make changes.
- Previously if a link was inserted in the email receipt content it was treated as a relative link and removed the portion of the URL containing the Website’s Domain Name which caused a broken link in the Automated Emails sent when users submitted a form with a receipt enabled. This has been fixed so that the Form Receipt’s WYSIWYG Editor will no longer remove the Website’s Domain Name from the URL in the Automated Email.