Concrete CMS 9.2.7 is Now Available!

Concrete CMS 9.2.7 is Now Available!

Mar 6, 2024
by jessicadunbar

We are delighted to announce the release of CMS 9.2.7, a significant update aimed at enhancing usability, fixing bugs, and bolstering security within our platform. This update focuses on refining the user experience and improving compatibility with various themes and environments.

Behavioral Improvements

  • Enhanced the display of UI elements when using non-Bedrock/Bootstrap themes, ensuring a more consistent and visually appealing interface across different themes.
  • Updated the "Back to Website" button in the Dashboard to utilize the vanity URL instead of the cID URL, improving navigation and usability.
  • Added database charset and collation details to the environment report for better database management and troubleshooting.

Bug Fixes

  • Resolved an issue where the time selector in the calendar event dialog was not displaying all available times.
  • Addressed several PHP 8 compatibility issues, including undefined array keys in various components and pages.
  • Corrected the pagination functionality in the clipboard side panel and fixed double encoding when displaying page template names.
  • Fixed the inability to clear date/time attributes using the built-in HTML datepicker's clear link.
  • Solved a bug affecting advanced search by time in the Logs and an error when including an ampersand in the site name, leading to incorrect display in the browser title.
  • Fixed logging issues with non-scalar values.

Security Updates

  • Addressed CVE-2024-2179: A stored XSS vulnerability in the Name field of a Group type. This vulnerability, identified with commit 11965, could allow a rogue administrator to inject malicious code. This has been rectified to prevent execution of unauthorized scripts due to insufficient validation of administrator-provided data. Note: Only Concrete versions 9 and above are affected by this vulnerability.

9.2.7 Release Notes

For a comprehensive list of all enhancements, bug fixes, and security updates, please refer to our detailed release notes.

Security Fixes

For more detailed information about the security fixes in this release, please visit our security release blog post.

We are committed to continuously improving our CMS to provide a more secure, efficient, and user-friendly experience for all our users. Thank you for your ongoing support and feedback.

To view all the new features and updates in version 9, please visit our landing page: