Groups
Sign in
Groups
SilverStripe Release Announcements [ARCHIVED]
Conversations
About
Send feedback
Help
SilverStripe Security Releases: 3.5.6, 3.6.3, 4.0.1
52 views
Skip to first unread message
rob...@silverstripe.com
unread,
Dec 6, 2017, 10:14:30 PM
12/6/17
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to SilverStripe Release Announcements
Patch releases 3.5.6, 3.6.3 and 4.0.1 have been released.
These releases include some important security fixes. These include:
[SS-2017-006] Session user agent change detection
(SS 3.x only)
[SS-2017-007] CSV Excel Macro Injection
[SS-2017-008] SQL injection in full text search of SilverStripe 4
[SS-2017-009] Users inadvertently passing sensitive data to LoginAttempt
[SS-2017-010] install.php discloses sensitive data by pre-populating DB credential forms
(SS 4.x only)
Releases notes for each of the above releases can be found at:
https://docs.silverstripe.org/en/3/changelogs/3.5.6/
https://docs.silverstripe.org/en/3/changelogs/3.6.3/
https://docs.silverstripe.org/en/4/changelogs/4.0.1/
Users are advised to upgrade to these patch releases at the earliest convenient time.
To get setup, you can install this using composer (as below):
composer create-project silverstripe/installer ./ss35 3.5.6
composer create-project silverstripe/installer ./ss36 3.6.3
composer create-project silverstripe/installer ./ss40 4.0.1
Kind Regards,
Robbie Averill | Senior Developer
SilverStripe
Reply all
Reply to author
Forward
0 new messages