ocPortal

9.0.25 released. Read the full article for more information, and upgrade information.

Dear users,Composr CMS version 10 has now been released to beta on our new site, compo.sr.Composr is the direct successor to ocPortal, moving our whole platform forward with an overhauled architecture and brand. It is the result of years of work ... [More] where we have reevaluated every aspect of what we do, making more improvements than we could possibly list. Composr is truly a modern platform for a modern web.Composr 10 allows upgrading both from ocPortal versions 8 and 9. Upgrading is much like upgrading has been between ocPortal versions. Direct theme compatibility has not been maintained, however with some work v9 themes can be adapted.I would like to thank our users for remaining patient during the long v10 development. It has taken a lot longer than we expected, but we got there in the end, with minimal complaints from users. We very much appreciate this. I would like to thank KingBast in particular, as he has taken the initiative to test our work on an ongoing basis over months. No doubt our beta is significantly more stable than it would have been without his help. Roadmap We will now be following a roadmap for the phasing out of ocPortal… Date Status February 2016 (today) Composr beta released February 2016 (today) All ocportal.com users can login to compo.sr with their existing accounts February 2016 (today) Offer to ocPortal support customers to transfer unspent support credits to compo.sr March 2016 Composr v10 release candidates, and our recommendation that all new sites are developed with Composr rather than ocPortal March 2016 Composr v10 final released March 2016 Normal business resumes for ocProducts, we accept support work (including ocPortal to Composr upgrades) and consider taking on new projects March 2016 Composr Mobile SDK released (our iOS/Android toolkit) April 2016 Composr v10.1 released (incorporating sponsored features that have been back-logged, and possibly our new theme upgrader system) April 2016 Recommendation for ocPortal users to start migrating to Composr April 2016 We promote migration to Composr in favour to providing ocPortal support services, and no longer expect our staff to be skilled in ocPortal June 2016 No more ocPortal 8 releases, even if there are security holes found December 2016 No more ocPortal 9 releases, even if there are security holes found This roadmap is subject to review and change.We plan for ocportal.com to remain open indefinitely, but gradually over time we expect users to migrate over to the compo.sr community, and staff will visit the ocportal.com site less and less. Changing business model for commercial work Some time ago we stopped taking on new client projects so that we could clear our back-log and get Composr finished.With the launch of Composr, we aren't just changing our product and brand, we are also changing our company's business model.We now expect for the majority of projects that we will be recommending local development companies, rather than doing the work ourselves.There are a number of reasons for this, but the main reason is that the web is no longer a world to itself, and websites are no longer simple. A serious website development needs to be carefully planned, with ongoing real-world meetings, ongoing work, and a serious business mind-set.Given the changing nature of the world economy, the increase in website costs, and the increasing complexity, we feel it is better that local companies do this work rather than it being done online.To this end, a part of the Composr website includes:streamlining the briefing process for projects, for efficient hand-overslisting development agencies world-wide (there is no cost to listing)us providing many high-quality tutorials that disseminate key project management skills to agencies, suitable for highly-complex CMS projectsWe aim to raise the bar in our industry, and to make our money more on feature sponsorship and long-term engagements, than individual one-off projects.To sum up, we are radically changing things how things are done to reflect the modern expectations in this era of startups and major web properties. [Less]

8.1.22 released. Read the full article for more information, and upgrade information.

9.0.24 released. Read the full article for more information, and upgrade information.

8.1.21 released. Read the full article for more information, and upgrade information.

9.0.23 released. Read the full article for more information, and upgrade information.

8.1.20 released. Read the full article for more information, and upgrade information.

9.0.22 released. Read the full article for more information, and upgrade information.

There is a CSRF vulnerability for ocPortal. The vulnerability bypasses our referrer checks for checking forms posted to the system. It allows malicious third party websites to trick administrators into submitting coded forms (i.e. coded actions) into ... [More] the system.The vulnerability only happens in very particular circumstances, which we are not currently disclosing.The vulnerability only can occur when the administrator already has a confirmed active login session open (not just a cookie login), and only when they are tricked into going to the malicious third-party site somehow. It is never-the-less a serious issue if a knowledgable hacker desires to directly trick your staff to perform this attack.We highly recommend installing this hot-fix:0002074: Security fix for CSRF vulnerability - ocPortal feature trackerIf you have a firewall tool that strips out referer headers then you should disable that firewall option, as it will significantly weaken security (it prevents us checking form origins). You should also not block cookies on your own site, as our added protection relies on being able to save a cookie. Credit for the vulnerability goes to Arjun Basnet from Cyber Security Works Pvt Ltd (Welcome to Cyber Security Works). We appreciate the time taken to find this issue and report it to us. [Less]

8.1.18 released. Read the full article for more information, and upgrade information.