C1 CMS 6.11
C1 CMS 6.11 (6.11.7982.26191)
Download
What’s new in C1 CMS 6.11?
This release is mostly focused on stabilization and fixes, including a critical security fix, and requires .NET Framework v4.8.
New features
Support for pluggable image formats for resized images (such as WebP).
Automatically signing resized Media URLs with a hash for additional DoS attack resilience.
Search documents now have a "Boost" property for index time boosting to give users more control of the results displayed.
WebObjectActivator is automatically configured (kudos to @burningice2866)
Critical security fix
We have performed a critical security fix for a Remote Code Execution vulnerability, where a C1 Console user (with any access level) can complete a remote code execution attack on the website. This vulnerability cannot be exploited by anonymous users, but we urge all of our users to upgrade to this release at the earliest convenient time.
A big thanks to Le Ngoc Anh - Sun* Cyber Security Research Team working with Trend Micro Zero Day Initiative for taking the time to analyze, document, and report the vulnerability in a thorough and responsible way.
Free automated upgrade
To best protect you, Orckestra is providing free, immediate, and direct access to our automated upgrade feature – any C1 installation from C1 version 5.0 and later can now be upgraded to this release, free of charge.
Minor changes and bug fixes
Fixing a security issue related to JSON deserialization, having access to the console is a pre-requisite for it.
Xml sitemaps - "EnforceHttps" property of a hostname binding should be taken into account
Fixing FileLogTraceListener blocking execution when there are more than 10 website instances, sharing the same network drive (For example: an Azure AppService with 10+ instances).
Fix #777: Added validation for invalid XML characters that can break UI, such as  (LSEP)
Fix #776: Duplicate <title /> tag in the new rendering pipeline
