The new Concrete CMS vulnerabilities are described in the 2022-10-31 Security Advisory. You are the first to know! We have requested that the CVEs be published but they will take several days to be posted by MITRE and NIST.
@andrew It seems develop branch is behind from latest release, release/9.1.3 branch is not merged to develop yet.
@hissy All the fixes in 9.1.3 were individually put into the develop branch. I verified each of the commits.
@hissy develop has diverged from 9.1 for awhile. 9.1.3 was branched off of 9.1.2. develop is 9.2+
Any changelog for v8.5.11 and v8.5.12?
8.5.11 and 8.5.12 had fixes for PHP 5.5 compatibility