Orchard

Orchard 1.6.1

Orchard 1.6.1 is here! The release is published on our Orchard CodePlex website and on Microsoft Web Application Gallery.

This is a production-ready release for powering your live sites, and is the result of years of development effort and contribution from the Orchard Team and our active community. Also be sure to check out the gallery website (and related open source project). This provides a simple way to upload and share your module and theme ideas.

4-30-2013 update: please patch your Orchard web sites http://docs.orchardproject.net/.../Patch-4-30-2013

Install with Web Platform Installer

Recent Posts and Articles

Security patch recommended for all versions of Orchard

Posted by Orchard Core Team on 04/30/2013 a 8:17 PM.
Background

A non-persistent XSS vulnerability has been discovered in the Orchard.Comments module that is distributed with the core distribution of the CMS. The module could in some circumstances let an external website render custom scripts on an Orchard website. This vulnerability might ultimately be used to gather your credentials if you further authenticate on the targeted Orchard website.

All released versions of Orchard are vulnerable and need to be patched immediately.

We are releasing today (April 30, 2013) a new version 1.6.1 of Orchard 1.6 that has the patch in place. This new version is replacing the previously available download. If you are downloading Orchard 1.6.1 today, you do not need to take any additional steps. The latest 1.x development branch is already patched as well. We are also releasing patch files for each version of Orchard from 1.0 to 1.6 that can be applied to existing web sites.

Mitigation
- If you don't use the Comments module in Orchard, you can simply disable it in the Modules section of the Dashboard.
- If your theme doesn't render the Messages zone, you are also safe, even if the Comments module is activated.
Action Required

Apply the patch for your version, update to Orchard 1.6.1, or update to the latest 1.x.

Orchard 1.6.1: https://orchard.codeplex.com/releases/view/90325

For older versions of Orchard, we are releasing patch files that can be applied on top of a running instance of Orchard. The archive for each of these patches contains a Modules folder that has the right structure to be copied into the root directory of an Orchard site. If you are using a source version, you need to copy the contents of the zip file into src/Orchard.Web.
- 1.6 patch: https://orchard.codeplex.com/downloads/get/671068
- 1.5 patch: https://orchard.codeplex.com/downloads/get/671066
- 1.4 patch: https://orchard.codeplex.com/downloads/get/671070
- 1.3 patch: https://orchard.codeplex.com/downloads/get/671074
- 1.2 patch: https://orchard.codeplex.com/downloads/get/671075
- 1.1 patch: https://orchard.codeplex.com/downloads/get/671076
- 1.0 patch: https://orchard.codeplex.com/downloads/get/671077
Tags: Vulnerability
Read more...
Weekly Podcast 04/23/2013

Posted by Steering Committee on 04/28/2013 a 12:38 PM.
Meeting notes:
- Bug fixes (home page bug, etc.)
- Quick demo of using(Capture(Layout.ZoneName)) {...} to send razor rendering to a different zone. It's a lightweight way to do the same thing as creating a shape and adding it to a zone.
- Media update: now available on 1.x branch, lots of polishing has been done, drag and drop of image in folders, responsive view of folders, delete.
- Demo by Nick on inline editing: inline editing is a setting of parts. But overall, FAIL :) Needs to be refactored around shapes, with a way to explicitly map a display shape to an editor shape.
- Zoltán has looked at integrating Glimpse as an Orchard module. Not quite working because of reliance on http modules.
- Should we remove the URL field in the comments form? Bertrand to provide new setting to implement it.
- 48 proposed before triage, 15 after. 227 active for 1.7.
Brought to you by: http://english.orchardproject.hu
Tags: Video, Podcast, Steering Committee
Read more...
Oxford Economics: A Success Case

Posted by Sophilabs on 04/22/2013 a 6:40 AM.

The specific challenge of this project was to provide a long-overdue modern user experience for the company’s website which consisted of two major areas dealing with marketing and providing customers access to their subscription products. The website was expected to receive an average 1000 visitors and 4000+ page views daily.
The marketing team needed to update the marketing and pay-walled site regularly using simple and effective tools in contrast to the old website which offered little direct manipulation tooling.

From a design perspective, the new site had to be clean, elegant and simple to navigate. Oxford Economics wanted to position themselves as the top economic consultancy in the world, by conveying their global presence, a strong sense of gravitas, trustworthiness and expertise.

A big challenge was to migrate over 20 thousand subscription products to the new backend without interrupting on-going access via the old website whilst the new one was being constructed.

The old system had little documentation making it extremely difficult to decipher how its features should really work.

Tags: Case Study
Read more...
Workflow Module

Posted by David Hayden on 04/22/2013 a 6:15 AM.

Looking forward to the release of the Orchard Workflow Module, which will probably be released around the same time as Orchard 1.7. The Workflow Module will probably replace the Orchard Rules Engine, which I have thoroughly enjoyed up to this point. The Orchard Workflow Module will have similar events and actions just like the Orchard Rules Engine, but offer quite a bit more functionality with various decision points that shape the workflow. I know a lot of clients would like to be able to have a workflow on how content is created, reviewed, approved, and published, and this is exactly what the new Orchard Workflow Module will address along with many other possibilities.

Tags: Workflow, Rules
Read more...
Weekly Podcast 04/16/2013

Posted by Steering Committee on 04/17/2013 a 7:53 AM.
Meeting notes:
- Sébastien told us about the new improvements in MediaManager
- Demo from Znowman: Tabs in the content item editor. Works with full drag&drop admin, and with placement extensions: "Content:5#tabName". Should be changed to "Content@tabName:5". Tabs will be moved to inside the white rectangle of the content item editor. Make the selected tab persist after save.
- Triage: 60 proposed before triage. 30 after, and 211 active for 1.7
Brought to you by: http://english.orchardproject.hu
Tags: Video, Podcast, Steering Committee
Read more...
Testing Drivers

Posted by Bertrand Le Roy on 04/15/2013 a 7:54 PM.

If you’ve ever tried to test Orchard part drivers, you may have been blocked by the fact that the methods on drivers are protected. That, fortunately, doesn’t mean they are untestable. Those methods are still accessible through explicit interface implementations. In particular, drivers implement IContentPartDriver.

Tags: Testing, Driver
Read more...
A C# Helper To Read And Write XML From And To Objects

Posted by Bertrand Le Roy on 04/15/2013 a 12:09 AM.

This is especially useful when writing the import and export methods in an Orchard part driver.

Tags: Driver, Import / Export
Read more...
Weekly Podcast 04/09/2013

Posted by Steering Committee on 04/10/2013 a 12:13 PM.
Meeting notes:
- Keyboard shortcuts feature: we seem to agree that implementing CTRL+S, CTRL+SHIFT+S and maybe CTRL+A would be low cost and very useful.
- Powershell integration https://orchardps.codeplex.com/ demo next week hopefully, which would help.
- Sébastien demo of the new media picker field. Support for audio and documents, multi-selection across folders.
- Harvest: please register as soon as you can if you intend to go.
- Triage: 66 proposed before triage. 39 after. 198 active on 1.7.
Brought to you by: http://english.orchardproject.hu
Tags: Video, Podcast, Steering Committee
Read more...

Software IP management and project development governance provided by Outercurve Foundation

About the Orchard Project

Recent Posts and Articles

Background

Mitigation

Action Required