github slackero/phpwcms v1.12.0
phpwcms v1.12.0

Release phpwcms v1.12.0

Happy mid-2026! We are pleased to announce the release of phpwcms v1.12.0. This release includes major security hardening, PHP 8 compatibility improvements, dependency updates, and feature enhancements.

What's Changed

🛡️ Security Hardening

  • XSS Mitigation: Resolved security vulnerabilities by properly escaping template outputs (#372).
  • Cryptographically Secure CSRF: Implemented cryptographically secure CSRF tokens and updated translations.
  • UX Alert Hardening: Added warning icons (RTL-aware) and improved link visibility for CSRF alerts on the login page.
  • Web Server & Configuration Hardening:
    • Blocked public access to Composer configurations (composer.json, composer.lock) and PHPStan configurations via .htaccess.
    • Aligned and hardened rewrite rules of nginx.conf and IIS web.config to match the updated .htaccess rules.

⚙️ PHP 8 Compatibility & Bug Fixes

  • Array Type & Unserialize Warnings: Resolved various PHP 8 array type warnings and unserialize check errors in the shop system and content rendering engine.
  • Image Helper Modernization: Modernized the core image helper module to ensure clean operation under PHP 8.
  • Array Merge Fix: Resolved a TypeError in cnt25.takeval.inc.php during array_merge execution.
  • Include Path Fixes: Corrected the require_once order and paths for conf.inc.php and default.inc.php (#371).

✨ Features & Enhancements

  • TinyMCE 8 Integration: Integrated the new TinyMCE 8 editor option into user profiles and the tabs template.
  • Disk Caching for Sitemap: Implemented disk caching for the sitemap and enabled feed URL generation for News modules.
  • Localisation & Version Check: Localized calendar month names and weekdays, and updated the version checker to use secure SSL connections.
  • CookieConsent v3 Translation: Passed user-defined customize text to the CookieConsent v3 modals to ensure custom buttons are correctly localized.
  • Deprecations: Formally deprecated obsolete media plugins (Flash, RealMedia, QuickTime) in favor of HTML5 native video or Video.js.

📦 Dependencies & Cleanup

  • Libraries:
    • Updated jQuery to 4.0.0 and jQuery Migrate to 4.0.2.
    • Upgraded Symfony polyfills to v1.38.1.
    • Updated Guzzle, PHPMailer to 7.1.1, PHPSpreadsheet to 5.7.0, and league/oauth2-google to 5.0.0.
  • Codebase Cleanup: Cleaned up outdated MooTools and jQuery remnants and removed the obsolete GoogleMapsAPI directory.

Upgrade Instructions

  • You can view the full comparison of changes since the last version here.
  • Remember that it's recommended to upgrade legacy phpwcms installations (< v1.10) to the legacy release v1.9.48 first.
