Enano CMS

Text_Wiki has been completely replaced. Numerous security fixes and improvements were made. Internet Explorer support was improved slightly. Secured/Encrypted logins were enabled for iPhone OS 3.0. UTF-8 is now fully supported in usernames and passwords. Server side pagination of comments was implemented. Several improvements were made to administration. Many other changes were made.

A new default theme, Enanium, introduces template hooks along with the ability to hide the Tools, User, and Search sidebar blocks and replace them with your own code. Live Re-Auth is a security feature that protects access to page tools by asking for your password without reloading pages. Also, passwords are now stored as HMAC-SHA1 hashes. This release has support for the Yubikey. A plugin can extend the Enano authentication system to allow authentication through other services. There is a new rewritten Log interface and rewritten admin dashboard page.

This is the final alpha release in the Enano 1.1.x series, which will eventually end with the stable release of Enano 1.2.0, codenamed Caoineag. Note that this release is highly unstable and is likely to cause you problems. If you install it on a production Web site, do not expect any support. No support of any kind is provided for this release. Enano 1.1.x will not run on PHP 4.x. PHP 5 or PHP 6.0.0-dev is required.

This release addresses an XSS (cross-site scripting) vulnerability in the shared HTML sanitizer, potentially allowing guests to inject arbitrary JavaScript code into comments and pages. The vulnerability only affects users of Microsoft's Internet Explorer browser. This release is part of the ongoing maintenance of the Banshee (1.0) stable branch.