SilverStripe 2.3.10

Showing 1-1 of 1 messages
SilverStripe 2.3.10 Ingo Schommer 12/20/10 11:12 PM
We have a new release of SilverStripe available: 2.3.10

Thanks to everyone who gave us bug reports on our release candidates.  The release is now stable and ready for production use!

Overview: 
 * Security: XSS in controller handling for missing actions 
 * Security: SQL injection with Translatable extension enabled 
 * Security: Version number information disclosure 
 * Security: Weak entropy in tokens for CSRF protection, autologin, 
"forgot password" emails and password salts 
 * Security: HTTP referer leakage on Security/changepassword 
 * Improved security of PHPSESSID and byPassStaticCache cookies 
(setting them to 'httpOnly') 

Download here: http://www.silverstripe.org/assets/downloads/SilverStripe-v2.3.10.tar.gz 
Post bug reports here: http://open.silverstripe.com 
Upgrading: http://doc.silverstripe.org/upgrading:2.3.10 
Changelog: http://open.silverstripe.org/wiki/ChangeLog/2.3.10

Thanks, 
Ingo Schommer