Project News
Mar 6, 2024, 2:08 PM
Date and Time: March 12, 2024, at 9:30 a.m. PDT (find your local time here)
Location: Live on YouTube
Don’t miss our March Town Hall
Security News
Mar 6, 2024, 2:04 PM
The Concrete CMS Team is publishing CVE-2024-2179 with the release of 9.2.7; Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field.
Feb 12, 2024, 2:26 PM
On February 7th, 2024, we received a bug report that the rich text editor in Concrete CMS 8 and 9 was displaying a strange and alarming warning. Learn more about this warning, what it's regarding, how to suppress it and what we're doing about it going forward.
Feb 7, 2024, 2:26 PM
We will be publishing three CVEs for very low vulnerabilities that were reported and fixed in Concrete version 9.2.5. These vulnerabilities affected Concrete version 9 only.