Versions:

2.3.7 (2010-03-18)

Changelog

Bugfixes

  • [rev:101229] Don't delete index.php after successful installation - in ContentController->deleteinstallfiles(). URL routing might rely on it without mod_rewrite.
  • [rev:101229] Require ADMIN permissions for ContentController->deleteinstallfiles() - together with retaining index.php this removed a vulnerability where unauthenticated users can disrupt mod_rewrite-less URL routing. (from r101227)
  • [rev:100744] Fixing Member_ProfileForm to validate for existing members via Member_Validator to avoid CMS users to switch to another existing user account by using their email address (from r100704) (from r100717)

Created with: ./sscreatechangelog --version 2.3.7 --branch branches/2.3 --stopbranch tags/2.3.6