Concrete CMS Security Advisory and Security Releases 9.1.3 & 8.5.10

Two Security Releases are now available for both supported versions of Concrete CMS. Check out the 8.5.10 release notes and 9.1.3 release notes

The new Concrete CMS vulnerabilities are described in the 2022-10-31 Security Advisory. You are the first to know! We have requested that the CVEs be published but they will take several days to be posted by MITRE and NIST.

@andrew It seems develop branch is behind from latest release, release/9.1.3 branch is not merged to develop yet.

@hissy All the fixes in 9.1.3 were individually put into the develop branch. I verified each of the commits.

1 Like

@hissy develop has diverged from 9.1 for awhile. 9.1.3 was branched off of 9.1.2. develop is 9.2+

1 Like

Any changelog for v8.5.11 and v8.5.12?


1 Like

8.5.11 and 8.5.12 had fixes for PHP 5.5 compatibility