One of the top tenets of ImpressCMS is to be a secure platform for your websites. In response to a recent CVE report, additional validation and sanitation of user has been implemented in the 1.2 and 1.3 releases. Once again, we were aided by Pedro Ribeiro of Agile Information Security Ltd. in testing the patches for this issue.
If you ever discover a vulnerability or are uncertain about the security of ImpressCMS, please use our Security Issue Report form to let us know.
The new 1.3 release is available for download on the ImpressCMS 1.3 product page.
We continue to provide support for the 1.2 series of ImpressCMS. Once ImpressCMS 2.0 Final is released, the 1.2 support will be discontinued. The update for 1.2 (our Long Term Support version) is available on the ImpressCMS 1.2 product page