SilverStripe 2.4.3-rc1

Ingo Schommer

Nov 1, 2010, 9:10:35 AM
to SilverStripe Release Announcements

We have a new security release of SilverStripe available: 2.4.3-rc1

We'd appreciate everyone's help testing it, so that we can make a
stable release as soon as possible.

Changes overview:
- Fixed a security issue where destructive controller actions are not
correctly secured against Cross-Site Request Forgery (CSRF). This
affects various CMS interfaces, as well as classes based on
TableListField or ComplexTableField.
- Enhance the protection of the assets/ directory in both IIS and
Apache by including a file type whitelist.
- Compatibility with PHPUnit 3.5
- Allow direct test execution through the "phpunit" binary, in
addition to the existing "sake" executable and TestRunner class.
- Misc. fixes to validation in date-based form fields, as well as
better formatting of dates in non-default locales.

Download here: http://www.silverstripe.org/assets/downloads/SilverStripe-v2.4.3-rc1.tar.gz
Changelog: http://open.silverstripe.org/wiki/ChangeLog/2.4.3-rc1
Post bug reports here: http://open.silverstripe.com

Security related patches in "cms" module:
http://open.silverstripe.org/changeset/113278
http://open.silverstripe.org/changeset/113279
http://open.silverstripe.org/changeset/113280
http://open.silverstripe.org/changeset/113281
http://open.silverstripe.org/changeset/113282

Security related patches in "sapphire" module:
http://open.silverstripe.org/changeset/113272
http://open.silverstripe.org/changeset/113273
http://open.silverstripe.org/changeset/113274
http://open.silverstripe.org/changeset/113275
http://open.silverstripe.org/changeset/113276
http://open.silverstripe.org/changeset/113277
http://open.silverstripe.org/changeset/113284

Thanks,
Ingo Schommer
