SilverStripe 2.4.4-rc1

Ingo Schommer

Dec 9, 2010, 7:26:38 PM
to SilverStripe Release Announcements

We have a new release of SilverStripe available: 2.4.4-rc1

We'd appreciate everyone's help testing it, so that we can make a
stable release as soon as possible.

Overview:
* Security: SQL information disclosure in MySQLDatabase
* Security: XSS in controller handling for missing actions
* Security: SQL injection with Translatable extension enabled
* Security: Version number information disclosure
* Security: Weak entropy in tokens for CSRF protection, autologin,
"forgot password" emails and password salts
* Security: HTTP referer leakage on Security/changepassword
* Improved security of PHPSESSID and byPassStaticCache cookies
(setting them to 'httpOnly')

Download here: http://www.silverstripe.org/assets/downloads/SilverStripe-v2.4.4-rc1.tar.gz
Post bug reports here: http://open.silverstripe.com
Changelog: http://open.silverstripe.org/wiki/ChangeLog/2.4.4-rc1
Upgrading: http://doc.silverstripe.org/upgrading:2.4.4


Thanks,
Ingo Schommer