SilverStripe 2.3.10

Showing 1-1 of 1 messages
SilverStripe 2.3.10 Ingo Schommer 12/20/10 11:12 PM
We have a new release of SilverStripe available: 2.3.10

Thanks to everyone who gave us bug reports on our release candidates.  The release is now stable and ready for production use!

 * Security: XSS in controller handling for missing actions 
 * Security: SQL injection with Translatable extension enabled 
 * Security: Version number information disclosure 
 * Security: Weak entropy in tokens for CSRF protection, autologin, 
"forgot password" emails and password salts 
 * Security: HTTP referer leakage on Security/changepassword 
 * Improved security of PHPSESSID and byPassStaticCache cookies 
(setting them to 'httpOnly') 

Download here: 
Post bug reports here: 

Ingo Schommer