There is a serious vulnerability found in older builds of October CMS. The issue affects all websites and upgrading to the latest version is highly recommended.

October Build v1.0.468 and less

There has been a serious vulnerabilty discovered in all builds of October CMS prior to 469. The issue affects all websites using the CMS module and upgrading to the latest version is highly recommended.

Update instructions

One-click updater

If you are running October CMS build 468 or below, this means you are using the platform that operates on the Laravel Framework 5.5. At the time of writing, this is the version available when using the one-click updater from the backend.

• Simply navigate to Settings > Updates & Plugins and click Check for updates
• Make sure you are running build 469 or higher

Note: If you are running an October CMS build prior to 420, this means that it is operating on Laravel 5.1 and this update should still work so long as your PHP version is 7 or above.

Composer users

If you are using composer, ensure your dependencies are as follows:

"october/rain": "~1.0.469",
"october/system": "~1.0.469",
"october/backend": "~1.0.469",
"october/cms": "~1.0.469",
"laravel/framework": "~5.5.40",
"wikimedia/composer-merge-plugin": "1.4.1"

October Build v1.1

If you are testing the version of October CMS that uses the Laravel Framework 6.0 and this version is only available via composer. Please ensure your dependencies are as follows:

"php": ">=7.2",
"october/rain": "~1.1.0",
"october/system": "~1.1.0",
"october/backend": "~1.1.0",
"october/cms": "~1.1.0",
"laravel/framework": "~6.0",
"wikimedia/composer-merge-plugin": "1.4.1"

If you would instead like to switch to the newly available Laravel 6 upgrade as a part of your update process please follow the instructions in Release Note 11.