SilverStripe 2.4.4

Ingo Schommer, 12/20/10 11:06 PM
We have a new release of SilverStripe available: 2.4.4

Overview:
 * Security: SQL information disclosure in MySQLDatabase
 * Security: XSS in controller handling for missing actions
 * Security: SQL injection with Translatable extension enabled
 * Security: Version number information disclosure
 * Security: Weak entropy in tokens for CSRF protection, autologin, "forgot password" emails and password salts
 * Security: HTTP referer leakage on Security/changepassword
 * Security: CSRF protection bypassed when handling form action requests through controller
 * Improved security of PHPSESSID and byPassStaticCache cookies (setting them to 'httpOnly')

Thanks to everyone who gave us bug reports on our release candidates. The release is now stable and ready for production use!

Download here: http://www.silverstripe.org/assets/downloads/SilverStripe-v2.4.4.tar.gz
Post bug reports here: http://open.silverstripe.com
Changelog: http://open.silverstripe.org/wiki/ChangeLog/2.4.4
Upgrading: http://doc.silverstripe.org/upgrading:2.4.4


Thanks,
Ingo Schommer