SilverStripe 2.4.6 (security amendment)

[Ingo Schommer]

Hello everybody,

In our 2.4.6 release a couple of weeks ago we've also included a security-related change

in the way we handle files in the built-in search (through the FulltextSearchable extension).

While its more of an unexpected default behaviour than a security flaw,

I felt that it needs to be highlighted due to its potential privacy and data protection implications.

I've amended the 2.4.6 upgrading guides to describe the issue:

http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.4.6#security-user-uploaded-files-searchable-when-using-fulltextsearchable

In short: If you're hosting sensitive files or allowing users to upload their own files,

please upgrade and read the instructions carefully.

Regards

Ingo