Release announcements, helpful tips, and community discussion


Cerb (8.2.11) is a maintenance update released on February 28, 2018. It includes 3 minor features and fixes from community feedback covering the 8.2 update. You can follow these instructions to upgrade.

  • [Platform/Sessions] Fixed an issue that prevented sessions from workers with IPv6 addresses when MySQL was in strict mode. Thanks to Thomas Gross for the report!

  • [Security/Attachments] Fixed a possible self-XSS issue when uploading attachments. [#604]

  • [Security/Clickjacking] Added APP_SECURITY_FRAMEOPTIONS to framework.config.php to control embedding in IFRAMEs and mitigate clickjacking. The options are none (no headers/protection) and self (only allow requests from within Cerb). The default is self. You can use none if you intend to implement the headers yourself (e.g. from the webserver). [#605]