Project News
Apr 3, 2024, 7:25 PM
Date and Time: April 9, 2024, at 9:30 a.m. PDT
Location: Live on YouTube
Join our April Town Hall, broadcasted live on YouTube.
Security News
Apr 3, 2024, 7:20 PM
We will be publishing a number of CVEs today which were remediated with Concrete CMS versions 8.5.16 and 9.2.8.
Mar 6, 2024, 2:04 PM
The Concrete CMS Team is publishing CVE-2024-2179 with the release of 9.2.7; Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field.
Feb 12, 2024, 2:26 PM
On February 7th, 2024, we received a bug report that the rich text editor in Concrete CMS 8 and 9 was displaying a strange and alarming warning. Learn more about this warning, what it's regarding, how to suppress it and what we're doing about it going forward.