You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to SilverStripe Release Announcements
We have a new release of SilverStripe available: 2.4.4-rc1
We'd appreciate everyone's help testing it, so that we can make a
stable release as soon as possible.
Overview:
* Security: SQL information disclosure in MySQLDatabase
* Security: XSS in controller handling for missing actions
* Security: SQL injection with Translatable extension enabled
* Security: Version number information disclosure
* Security: Weak entropy in tokens for CSRF protection, autologin,
"forgot password" emails and password salts
* Security: HTTP referer leakage on Security/changepassword
* Improved security of PHPSESSID and byPassStaticCache cookies
(setting them to 'httpOnly')