Release notes

Article number: 306225

11.1 release notes

11.1 is a major release and introduces large improvements to the CMS in several areas:

  • GDPR support
  • Zone editor widgets
  • Advanced search improvements
  • Make /Admin Endpoint Configurable
  • Improvements to V3 Form Posts

As in previous releases, we've received a lot of ideas from our wide user base. Many of our sites have been submitted to the government’s new National Cyber Security Centre (NCSC) tool. It provides ongoing recommendations, alerts and advice on securing your site and more importantly maintaining that security. A link to the blog article introducing the service is here. You can register for this yourself for free with no involvement from us. It doesn’t take long to do.

This release includes several changes in response to the use of this tool and repeated penetration tests of sites.

Widgets for Drag and drop zone editing

The last release of the CMS brought a new drag and drop zone based editing system. It allowed editors to add any number of editable elements to a page and then drag them to reposition them. This release extends that further, allowing configurable widgets made up of text blocks, images or anything else to also be dragged onto a page. The widgets can be used to produce multiple repeatable elements, like extending front page carousels, a staff directory or a sidebar quote.

GDPR support

Revisions to the data protection laws are coming in May. This release helps you work towards GDPR compliance. A new report allows you to enter any email address in the search box to get a report listing the information you hold about that person. The report will list where in your site you're holding information on that person and (where possible) there are links to the relevant part of the CMS that allows that entry to be viewed or deleted in a single click. We cannot make you compliant but we can assist you to manage compliance. In addition, the CMS forms system enables you to create GDPR compliant T & C acceptance popups or check boxes.

Advanced search improvements

Search has been improved in several ways in this release:

  • A log is kept of search result clicks. The click count is used to give more relevance to items that are clicked more often in the results.
  • Search indexes are now compressed with unnecessary common words removed to increase relevancy.
  • New web services have been created to provide lists of the most popular searches.

Configurable admin end points

The CMS admin area is protected via HTTPS and admin-configured password policies; however, some of our users requested additional changes. The admin interface has up till now always been accessible via <your site domain>/admin, and it is the predictability of the ‘/admin’ folder name that has been seen to be a potential weak point. In 11.1, for deployed sites, the admin folder name is now configurable. This means you can further secure the admin portion of your site behind your own naming convention, such as www.mysite.com/editsitehere, and a call to www.mysite.com/admin will result in a 404.

Configuration is via the relevant web.config:

  <add key="AdminEndpoint" value="/admin"/>

In addition there’s another new web.config key:

  <add key="AdminEndpointPassSite" value="true"/>

This second 'pass site' key controls whether the 'site' field on the login form gets populated. Setting this to 'false' creates another layer of security, as any potential attacker must obtain a valid site, user, password and admin folder name to get in using brute force. Another way in which Sitekit is making your sites more secure.
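A deployment check for the two keys above, as an added example that is not Sitekit's own code: it parses a web.config and reports when the admin folder is still /admin or the site field is still pre-populated. The sample files are constructed, and it assumes the keys sit under <appSettings> and that a missing key behaves like the values shown above.

```python
import xml.etree.ElementTree as ET

# Constructed sample files; only the two key names come from the release notes.
DEFAULT_CONFIG = """<configuration>
  <appSettings>
    <add key="AdminEndpoint" value="/admin"/>
    <add key="AdminEndpointPassSite" value="true"/>
  </appSettings>
</configuration>"""

HARDENED_CONFIG = """<configuration>
  <appSettings>
    <add key="AdminEndpoint" value="/editsitehere"/>
    <add key="AdminEndpointPassSite" value="false"/>
  </appSettings>
</configuration>"""


def read_app_settings(xml_text):
    """Return {key: value} for every <add> under <appSettings> (assumed location)."""
    root = ET.fromstring(xml_text)
    return {
        node.get("key"): (node.get("value") or "")
        for node in root.findall("./appSettings/add")
    }


def audit_admin_endpoint(xml_text):
    """Return a list of findings; an empty list means both keys are hardened."""
    settings = read_app_settings(xml_text)
    findings = []
    # Assumption: a missing key behaves like the values shown in the notes.
    endpoint = settings.get("AdminEndpoint", "/admin").strip()
    normalised = "/" + endpoint.strip("/").lower()  # "/Admin/" counts as "/admin"
    if normalised == "/admin":
        findings.append("AdminEndpoint is still the predictable /admin")
    pass_site = settings.get("AdminEndpointPassSite", "true").strip().lower()
    if pass_site != "false":
        findings.append("AdminEndpointPassSite pre-populates the site field")
    return findings


if __name__ == "__main__":
    for name, text in (("default", DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_admin_endpoint(text))
```

A renamed folder only removes the predictable path; the password policy and HTTPS described above remain the actual access controls.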

Forms changes

  • Configurable data retention for submissions (defaults to 12 months).
  • Addition of regex support to emails on forms.
  • Ability to set fields as read only.
  • Improvement in usability of secure forms.
  • Support for Google reCaptcha.

Performance improvements

  • Page load times have been improved via automatic minification of CSS and JS.
  • When a JavaScript file is published, a minified version is created. Similarly, when a previous version of a JavaScript file is made active, a minified version is created.
    When a stylesheet or CSS file is published, a minified version is created.
    When the JavaScript or CSS file is requested front-end, the minified version is served if it exists.
    If no minified version of the file exists then the unminified version will be served. '?minify=0' can be added to the URL of a CSS or JS file to view the unminified version.
  • Admin performance has been improved by showing page Properties and Content in the same pop-up window rather than separate ones.
  • SQL indexing has been optimised and more parameterised.

Security improvements

As well as the configurable end point addition above this release sees other security related changes:

  • Passwords are now hashed using bcrypt instead of SHA1.
  • Passwords now have some basic rules applied to them: they cannot contain your username, parts of your username or ‘password’.
  • Obfuscation of passwords in logs.
  • Support for subresource integrity (SRI) in scripts via hashing.
  • Further usability improvements to secure forms.
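How an SRI integrity value is derived and checked, as an added example that is not Sitekit's code and does not describe how the CMS generates its hashes. Because the minified file is what gets served, the value has to be computed over the minified bytes; the sample scripts and the /js/site.js URL are constructed.

```python
import base64
import hashlib
import hmac

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}  # SRI algorithms, weakest first

# Constructed sample: a script as authored and as a minifier might emit it.
SOURCE_JS = b"function greet(name) {\n    return 'Hello ' + name;\n}\n"
MINIFIED_JS = b"function greet(n){return'Hello '+n}"

def sri_value(data, alg="sha384"):
    """Return the integrity token '<alg>-<base64 digest>' for the given bytes."""
    digest = hashlib.new(alg, data).digest()
    return alg + "-" + base64.b64encode(digest).decode("ascii")

def verify_sri(data, integrity):
    """Check bytes against an integrity attribute the way a browser does:
    only the strongest algorithm present is considered, any match passes."""
    tokens = []
    for item in integrity.split():
        alg, _, rest = item.partition("-")
        if alg in STRENGTH and rest:
            tokens.append((alg, rest.split("?", 1)[0]))  # drop ?options
    if not tokens:
        return True  # no usable metadata: browsers load without a check
    best = max(STRENGTH[alg] for alg, _ in tokens)
    for alg, expected in tokens:
        if STRENGTH[alg] == best and hmac.compare_digest(
            sri_value(data, alg).split("-", 1)[1], expected
        ):
            return True
    return False

def script_tag(url, served_bytes):
    """Build a <script> tag pinned to the bytes the server actually returns."""
    return '<script src="{}" integrity="{}" crossorigin="anonymous"></script>'.format(
        url, sri_value(served_bytes)
    )

if __name__ == "__main__":
    pinned = sri_value(MINIFIED_JS)
    print(script_tag("/js/site.js", MINIFIED_JS))
    print("minified matches:", verify_sri(MINIFIED_JS, pinned))
    print("source matches:  ", verify_sri(SOURCE_JS, pinned))
```

A value computed from the unminified source fails against the minified response, so the browser would refuse to run the script; recompute the value whenever a new version is published.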

Documentation changes - New help pages 

Most additional and new content is labelled as ‘11.1’ so a search of help for ‘11.1’ will present most if not all of the following:

Documentation changes - Updated pages

Documentation changes - Deprecated features

The EmailThisPage functionality has been removed as it constitutes a security vulnerability. 

Old News, Old Events, Old Forums, Guestbooks, Postcards, FAQs, Page Commenting, Shops, Directory Pro, Custom Database: these are removed from group rights if they are not used on the site.

FAQs, Events, and News may be deprecated in the future. There is a facility to allow their content to be migrated to Posts; see here for details.
