As of 05 August, Zikula releases its newest version of CMS platform.
"The core development team is proud to announce the availabilty of Zikula Core 2.0.8.(2.0.9 followed a day later on 05 August with a security fix) ...
Zikula Core 2.0.8 is available as of today, 05 August, 2018.
- Security fixes from Symfony:
- Remove support for legacy and risky HTTP headers (CVE-2018-14773).
- Possible host header injection when using HttpCache (CVE-2018-14774).
- bootstrap-plus/bootstrap-jqueryui is deprecated and will be removed in 2.1. Use jQuery UI directly.
- Upgraded monolog for PHP 7.2+ compatibility (#3906).
- Unset upgrading flag after successful upgrade (#3899).
- Fixed invalid request access in hook controller.
- Changed default storage engine in CLI installer to InnoDB (#3909).
- Avoid linking to user registration page if registration functionality is disabled."
More of the various fixes etc. at https://ziku.la/en/news/message/zikula-core-2-0-8-released