Exponential / About / Project / Changelog

Changelog

An authoritative chronological record of updates, enhancements, fixes, and system improvements to Exponential CMS.

Changelog for the Exponential CMS and Exponential Family of CMSs!

Recent Updates:

Exponential CMS

Legend:

  • + new feature
  • * functionality improved
  • - issue resolved
  • ! pay attention

Exponential 6.0.14

2026/06/14 @ 04:43:04 PDT

Release of Exponential 6.0.14 (From 7x)

Official stable release of Exponential 6.0.14 (Stable).

Release date: 2026.06.07.

What's Changed / What's New (Since Exponential 6.0.13)

The main themes of this release are Security Hardening, PHP 8 Compatibility FixesMongoDB Database Support Added throughout the Exponential kernel (legacy only atm).

Download Release: se7enxweb/exponential/releases/tag/v6.0.14

Changelog Details

  • New Features

    + MongoDB 8 Database Adapter

  • + MongoDB 8 Database Setup wizard Integration

  • + MongoDB 8 Database Migration tooling (bin/mongodb/)

  • Bug Fixes

    * Setup Wizard: Shared-Hosting MySQL (No Root Mysql Table Access Required)

  • * Setup Wizard: PostgreSQL Installation Compatibility Bugfix With PG v13

  • * Admin Templates / JS - node_tabs.js: replaced deprecated jQuery .size() with .length (removed in jQuery 3.x) — restores tab selection and cookie-based tab restore.

  • Maintenance

    * Copyright year bumped 2025 → 2026

  • * Default new-installation package version moved from 6.0.10 → 6.0.14

  • Documentation

    + Added: Mongo DB Database Support Guide Documentation @ https://github.com/se7enxweb/exponential/blob/main/doc/bc/6.0/MONGODB_KERNEL_SUPPORT_EXPANSION.md

  • Contributors: 7x, Graham Brookins, CJW Network

Exponential 6.0.13

2026/05/27 @ 01:18:51 PDT

Release of Exponential 6.0.13 (From 7x)

Official stable release of Exponential 6.0.13 (Stable).

Release date: 2026.04.20.

What's Changed / What's New (Since Exponential 6.0.12)

The main themes of this release are Security Hardening, PHP 8 Compatibility FixesSQLite3 Driver Improvements, New Template String Operators, and an upgraded PHPUnit v13 Test Suite.

Download Release: se7enxweb/exponential/releases/tag/v6.0.13

Changelog Details

  • Security Fixes (Critical — PR #60: security-hardening-exp-6013)

    * SEC [SEC-01..06]: Fix SQL injection and OS shell injection — 4 files patched, 6 attack surfaces closed. Parameterised queries and shell-argument escaping applied to previously vulnerable call sites.

  • * FIX [UND-01..03, LOG-01..02, NUL-01..13, PRG-01]: Null/undefined guards and logic corrections — 12 files hardened against undefined-variable and null-dereference conditions that could lead to information disclosure or logic-bypass under PHP 8.

  • * PHP84 [PHP-01..03, NUL-04..05]: PHP 8.4 deprecation fixes + order null guards — 2 files updated to resolve deprecation warnings introduced in PHP 8.4.

  • * FIX [IMP-01..02, SET-01..06, KNT-01..12]: SOAP stubs, setup wizard guards, kernel/content null safety — 20 files updated; covers SOAP response stubs, setup-wizard input validation, and kernel/content-object null-safety checks.

  • Session / PHP 8 Compatibility

    * fix(ezsession): PHP 8 compat — read() now returns '' (empty string) instead of false; gc() correctly uses time() + gcStartTime for session lifetime calculation. Eliminates type-error fatals on PHP 8.

  • * fix(ezsession): PHP 8 — guard $GLOBALS['eZCurrentAccess'] before access — prevents undefined-index warnings / fatals when the global is not yet initialised during early-bootstrap session handling.

  • SQLite3 Driver Improvements

    * SQLite3: register eZSQLite3DB autoload + support absolute DB path — The SQLite3 database driver now registers its autoload entry correctly and accepts an absolute filesystem path for the database file, enabling use outside the default var/ tree.

  • * fix(sqlite3): use recursive mkdir when creating SQLite3 DB directory — Prevents a fatal error when intermediate directories do not exist on first-run installations.

  • New Template Operators (Feature)

    * Added: rstring, ristring, and many other PHP string operators as template operators — A broad set of PHP string-manipulation functions (rstring, ristring, str_pad, wordwrap, chunk_split, str_word_count, number_format, sprintf wrappers, and more) are now available directly inside Exponential templates. Feature Addition.

  • PHPUnit / Test Suite Upgrades (PR #61: upgrade-phpunit-tests-to-phpunit10)

    * TEST [PHPUnit-10, SEC-01..06]: Add PHPUnit 10 test infrastructure and security hardening suite — 6 new test files covering the SEC-01..06 attack surfaces closed in this release.

  • * Updated: Upgraded PHPUnit test suite support to v13 — phpunit.xml and test bootstrap updated for PHPUnit 13 compatibility.

  • * Updated: Version bump for PHPUnit to avoid composer security advisory — Resolves a composer installation warning/block caused by a published security advisory against the previously pinned PHPUnit version.

  • Documentation

    * DOC [SEC-01..06, NUL-01..14, PHP-01..03, UND-01..03, LOG-01..02, SET-01..06, KNT-01..12, IMP-01..02, PRG-01]: Add security hardening reference — hardening.md (1,176 lines) documents every patch reference code, the vulnerability class, affected file(s), and the fix applied.

  • * DOC: Add PHPUnit 3.7→10 migration guide — doc/phpunitv10.md added as a developer reference for upgrading legacy test suites.

  • * DOC: Document PHP version compatibility — Explicit statement that the 6.0.13 patch set does not raise the minimum PHP version requirement.

  • * Updated: README — Distribution count updated, Exponential Platform / Nexus version details added, issue tracker links revised, Telegram community link fixed.

  • Infrastructure / Project

    * chore: add GitHub Sponsors funding metadata — .github/FUNDING.yml added to enable sponsorship via GitHub Sponsors.

  • * Updated: .htaccess_root rebranding — Comments inside the example root .htaccess configuration file updated to reflect current Exponential branding.

  • * Updated: Patched a fatal flaw in the client calling API for curl requests — Curl client wrapper corrected; tested as working. Bugfix.

  • Notable Changes (Since eZ Publish 5)

    * Refer to prior release notes for the full historical feature list. Key milestones still included in this build:

  • * Security: 6 SQL-injection / OS-shell-injection attack surfaces closed (this release)

  • * PHP 8.4 / 8.5 support (ongoing since 6.0.8)

  • * SQLite3 database driver (new this release)

  • * PHPUnit 13 test suite (new this release)

  • * REST API v2 (CRUD) support (since 6.0.9)

  • * PostgreSQL 17 setup-wizard support (since 6.0.10)

  • * Admin3 responsive admin design

  • * Multi-site INI override and cache-handling improvements (since 6.0.12)

  • * has_role / has_policy template & PHP operators (since 6.0.12)

  • Contributors: 7x, Graham Brookins, CJW Network