New Features

  • Generic SMTP Server support has been added to the Mail Delivery options.
  • A quick link for viewing a user's audit trail when editing them has been added.
  • Quick links to toggle between editing a Setting's value and configuration have been added.


  • TinyMCE has been updated to 4.6.5.
  • The 404 Manager now supports multi-domain sites.

Bug Fixes

  • Fixed empty folder names being able to be created in the File Manager
  • Fixed attempting to logout on the front-end of the site throwing a CSRF error.
  • Fixed attempting to view an audit trail through the overflow menu shortcut throwing a CSRF error.
  • Fixed phtml/pht files are no longer allowed file types to be uploaded to the File Manager as they are a security risk on some systems. (thanks xkfxkf)
  • Fixed unlocking pages being vulnerable to a CSRF attack. (thanks xkfxkf)
  • Fixed users being able to delete themselves if they tried very hard to do so. (thanks xkfxkf)
  • Fixed resizing of view columns occasionally breaking if the right column was resized.
  • Fixed unescaped data being drawn when viewing a package / extension's details before installing. (thanks xkfxkf)
  • Fixed a plethora of minor CSRF-vulnerable actions. (thanks xfkxfk)
  • Fixed revision descriptions not being escaped when saving page revisions. (thanks xfkxfk)
  • Fixed pending page changes not being properly escaped after updating. (thanks yjn818)
  • Fixed replacing files in the File Manager failing with a CSRF error. (thanks Joe @ Ignition 72)
  • Fixed duplicate results in the File Manager when searching for files that exist in multiple folders.
  • Fixed the generated Route field type not saving its options. (thanks doon.mok)
  • Fixed SQL Injection related data leakage in saving tags. (thanks songtancat)
  • Fixed duplicate required messages in custom fields with multiple sub-fields that are required.
  • Fixed recursive matrices throwing errors in Integrity Check
  • Fixed deprecated TinyMCE spellcheck settings (thanks mcongrove)
  • Fixed XSS vulnerability in the photo gallery on the example site. (thanks lsg2409)
  • Fixed empty module forms not being editable.
  • Fixed no error being thrown when a form failed to add an entry due to a SQL error.