A cross-site-scripting security issue in the uninstall package feature was reported by Ngo Van Thien, Sun* Inc.

Since this vulnerability requires a user to be authenticated this is only a low impact security issue for most sites.

The issue affects UliCMS Version 2018.4 to 2020.1.
The security hotfix FixPackageControllerXSS was released for UliCMS 2019.4 to 2020.1.
If you still use an older release of UliCMS you should upgrade to a supported version and then install the patch.

Version 2020.2 will include the fix at release state.

UliCMS 2020.1 offers a large amount of new features for designing your website project.

[...]

Update 1 is an bugfix only update for UliCMS 2019.4, that fixes some bugs related to the change of the API to static types. Also there got also two bugs in the installation procedure fixed.

The update has no new features since UliCMS 2019.4.

[...]

UliCMS 2019.4 offers a large amount of new features for designing your website project.

UliCMS 2019.4 has again compatiblity

Support for older MySQL / MariaDB versions

UliCMS 2019.4 gained again compatiblity with MySQL 5.5.3 and similiar MariaDB versions, while the previous UliCMS release 2019.3 required at least MySQL 5.6.

Auto embed external media ressourcexs

URLs to external media ressources are now automatically replaced with embedded players. More than 150 different services are supported.

This and more media services are supported:

• YouTube
• Dailymotion
• MyVideo
• Vimeo
• Ustream

[...]

Top Features

• Improved backend performance
• Edit footer text
• Checkboxen are now shown as On/Off switch
• New comments count icon
• The field "Custom Data (JSON)" has now a validation
• New options supported in configuration file
• Improved user management form
• New user notification mail can now be customized using a template
• Password security check
• "Available packages" redesigned
• Javascript and Stylesheet Minifying optimized
• "Languages" backend page revisited
• Bootstrap Alert HTML-Helper

[...]