SilverStripe Security Releases: 3.5.6, 3.6.3, 4.0.1
52 views
Skip to first unread message
rob...@silverstripe.com
Dec 6, 2017, 10:14:30 PM12/6/17
to SilverStripe Release Announcements
Patch releases 3.5.6, 3.6.3 and 4.0.1 have been released.
These releases include some important security fixes. These include:
Users are advised to upgrade to these patch releases at the earliest convenient time.
To get setup, you can install this using composer (as below):
composer create-project silverstripe/installer ./ss35 3.5.6
composer create-project silverstripe/installer ./ss36 3.6.3
composer create-project silverstripe/installer ./ss40 4.0.1
Kind Regards,
Robbie Averill | Senior Developer
SilverStripe
These releases include some important security fixes. These include:
- [SS-2017-006] Session user agent change detection (SS 3.x only)
- [SS-2017-007] CSV Excel Macro Injection
- [SS-2017-008] SQL injection in full text search of SilverStripe 4
- [SS-2017-009] Users inadvertently passing sensitive data to LoginAttempt
- [SS-2017-010] install.php discloses sensitive data by pre-populating DB credential forms (SS 4.x only)
- https://docs.silverstripe.org/en/3/changelogs/3.5.6/
- https://docs.silverstripe.org/en/3/changelogs/3.6.3/
- https://docs.silverstripe.org/en/4/changelogs/4.0.1/
Users are advised to upgrade to these patch releases at the earliest convenient time.
To get setup, you can install this using composer (as below):
composer create-project silverstripe/installer ./ss35 3.5.6
composer create-project silverstripe/installer ./ss36 3.6.3
composer create-project silverstripe/installer ./ss40 4.0.1
Kind Regards,
Robbie Averill | Senior Developer
SilverStripe
Reply all
Reply to author
Forward
0 new messages