5.6.4.0 Release Notes

5.6.4.0 is very likely the last release of legacy concrete5. It features:

  • Fixes a vulnerability which permitted authenticated users to view the contents of arbitrary messages sent through the My Account section (Learn more at https://www.concrete5.org/about/blog/security/messaging-system-vulnerability)
  • PHP7 compatibility
  • User avatar updated to run without flash
  • Email validation fixed to allow TLDs with more than 3 characters
  • Multi-byte support in email validation
  • Short tags removed
Loading Conversation

Could this page use improvement? Edit it!

Edit Page