Paragon Initiative Enterprises Blog

The latest information from the team that develops cryptographically secure PHP software.

CMS Airship: Now and Tomorrow

As you may be aware by now, in addition to our professional security consulting services, we're developing a secure-by-default content management system called CMS Airship. CMS Airship is a Free Software product (though we do sell commercial licenses if you'd like to use Airship in non-free software; get in touch).

If you weren't aware, these articles will bring you up to speed:

Charting the Course for CMS Airship Version 2

Unless we encounter unexpected delays, CMS Airship 2.0.0 and 1.5.0 shall both be released on January 6, 2017 -- the first Friday of the year.

These are the planned changes so far:

  • The minimum PHP version for CMS Airship 2 will be PHP 7.1.
  • We will be upgrading to Halite 3, which simplifies a lot of the cryptography APIs and defaults to Base64Url encoding.

Everything else is a blank slate. There are many feature requests for version 2.0.0 already.

The important thing to keep in mind is that, since we're increasing the major version, backwards compatibility breaks are on the table. If you don't like the way Airship looks or feels, or you think a feature should be implemented completely differently, let's have a discussion about that.

To be clear: Some suggestions (MySQL support) are on hold for technical reasons outside of our control (i.e. no WITH RECURSIVE support). Some ideas (PHP 5 support, insecure code delivery, plaintext password storage) will be rejected outright due to conflicting with our goals.

But Airship exists to be a secure foundation for developers and companies to build upon. It doesn't make patch management difficult. You'll almost certainly never have to worry about an hours-old vulnerability leading to a data breach. You get all the security and performance benefits of modern cryptography -- including some cryptography protocols of our own design. (If we didn't have the security expertise on staff that we do, that sentence would send shivers down most cryptographers' spines.)

Even if our servers ever get hacked, your Airships will detect and reject any false update packages the criminal uploads. Can any other CMS make the same claim?

The Sky is Only the Beginning

As secure as Airship is, it's not some rigid and unusable monolith that no mere mortal can approach. It supports a flexible and powerful extension system. Any extensions you develop are also delivered securely to your users.

  • Want to change the way your Airship looks or feels? Create a Motif.
  • Want to create your own application on top of Airship's security? Create your own Cabin.
  • Want to alter the behavior of an existing cabin (including the two that come with Airship)? Create a Gadget.

Regardless of the changes that lay in store for version 2, we're confident that CMS Airship is a solid product that developers will love to work with. To that end, we're going to be focusing our efforts in the coming months to developing a few incredibly useful and extensible Gadgets and Cabins. When they're ready for prime time, these Airship extensions will be free and open source.

We'll be making the appropriate announcements in due time. If you want to hear about it first, sign up for our quarterly newsletter.

Thank You

Who's awesome? You're awesome!

We offer our sincerest thanks to everyone who has ever reported a bug, sent a patch, or told us how to greatly improve the user interface with a small CSS change over the majority of the past year on the IRC channels our team frequents. No open source software project can survive without a healthy community, and we're happy to be in the company of progressive software developers who believe in our mission to set tomorrow's PHP gold standard.

About the Author

P.I.E. Staff

Paragon Initiative Enterprises

Paragon Initiative Enterprises is a Florida-based company that provides software consulting, application development, code auditing, and security engineering services. We specialize in PHP Security and applied cryptography.

Need Technology Consultants?

Will tomorrow bring costly and embarrassing data breaches? Or will it bring growth, success, and peace of mind?

Our team of technology consultants have extensive knowledge and experience with application security and web/application development.

We specialize in cryptography and secure PHP development.

Let's Work Together Towards Success

Our Security Newsletters

Want the latest from Paragon Initiative Enterprises delivered straight to your inbox? We have two newsletters to choose from.

The first mails quarterly and often showcases our behind-the-scenes projects.

The other is unscheduled and gives you a direct feed into the findings of our open source security research initiatives.

Quarterly Newsletter   Security Announcements