michael_s's blog

osCMax v2.0.25 coming this week

The scheduled maintenance release of osCmax v2.0x will be posted later this week. A few new bugs found in 2.0.15 have been fixed as well as some fixes that didn't make it into the last release due to time constraints.

Bugs Fixed

osCMax v2.0.15 release and project details

     osCMax v2.0.15 was released a few days ago and I wanted to fill in a few details to explain what this new release is all about. The new version fixes a lot of issues that were present in the previous release and is primarily a bug fix release. there were also several additions to features/functions.

Security Notice : osCMax 2.0.4 Released

A serious security vulnerability has been discovered in osCMax v2.0.3 and all prior versions. It is important that you follow the below instructions carefully to secure your site. Failure to do so could result in your site being breached by attack.

The following files must be removed from your site's administrative panel folder:


New osCMax v2.0.3/v2.1 addon mods released

Over the last week I have been releasing a few mods that I converted to osCMax format. They are all very useful mods, and add a ton of features to osCMax

osCMax v2.0.2 Bugfix release

osCMax v2.0.2 has been released. This is a bugfix release and it is recommended that you update to this new version.


osCMax v2.0.1 Bugfix release

A bug fix package was released a couple days ago. If you missed the announcement, grab the fixed file from the bugtracker here:

Bug 282


Just one template file is affected, so be sure to get the fix. The main osCMax download V2.0.1 already has this fixed. 

osCMax v2.0.0 Released

osCMax v2.0.0

The release is now official, get your osCMax 2.0 Stable download today:



osCMax 2.0 RC4 has been released

Finally, osCMax 2.0 RC4 is here, with hundreds of improvements, upgrades, patches and updates. There was so much to do from RC3 to RC4 that it was a sometimes a daunting task to keep at it.


For a list of changes and download link, check out the release announcement here:

osCMax Security Update - XSS flaw patched

An XSS security flaw has been found in osCMax, specifically the printable catalog module. The flaw is in all 2.0 versions, including RC3, RC3.0.1, RC3.0.2, and RC4 SVN.


osCMax Security Update - Arbitrary Upload Exploit

A security hole was found in osCMax 2.0 RC 3.0.1 that allows a remote attacker to upload files to your site via a browser.


Syndicate content
User List