SilverStripe 2.4.3

Ingo Schommer

Nov 10, 2010, 9:08:44 PM
to SilverStripe Release Announcements
We have a new security release of SilverStripe available: 2.4.3

Thanks to everyone who gave us bug reports on our release candidates.
The release is now stable and ready for production use!

Changes overview:
- Fixed a security issue where destructive controller actions are not
correctly secured against Cross-Site Request Forgery (CSRF). This
affects various CMS interfaces, as well as classes based on
TableListField or ComplexTableField.
- Enhance the protection of the assets/ directory in both IIS and
Apache by including a file type whitelist.
- Compatibility with PHPUnit 3.5
- Allow direct test execution through the "phpunit" binary, in
addition to the existing "sake" executable and TestRunner class.
- Misc. fixes to validation in date-based form fields, as well as
better formatting of dates in non-default locales.

Download here: http://www.silverstripe.org/assets/downloads/SilverStripe-v2.4.3.tar.gz
Changelog: http://open.silverstripe.org/wiki/ChangeLog/2.4.3
Upgrading: http://doc.silverstripe.org/upgrading:2.4.3
Post bug reports here: http://open.silverstripe.com

Security related patches in "cms" module:
http://open.silverstripe.org/changeset/113278
http://open.silverstripe.org/changeset/113279
http://open.silverstripe.org/changeset/113280
http://open.silverstripe.org/changeset/113281
http://open.silverstripe.org/changeset/113282

Security related patches in "sapphire" module:
http://open.silverstripe.org/changeset/113272
http://open.silverstripe.org/changeset/113273
http://open.silverstripe.org/changeset/113274
http://open.silverstripe.org/changeset/113275
http://open.silverstripe.org/changeset/113276
http://open.silverstripe.org/changeset/113277
http://open.silverstripe.org/changeset/113284

Thanks,
Ingo