Versions:

3.1.0-rc2

Overview

Security: Privilege escalation through Group hierarchy setting (SS-2013-003)

See announcement

Security: Privilege escalation through Group and Member CSV upload (SS-2013-004)

See announcement

Security: Privilege escalation through APPLY_ROLES assignment (SS-2013-005)

See announcement

Changelog

Bugfixes

  • 2013-08-30 091c096 Disallow permissions assign for APPLY_ROLES (SS-2013-005) (Ingo Schommer)
  • 2013-08-30 cfa88ad Privilege escalation through APPLY_ROLES assignment (SS-2013-005) (Ingo Schommer)
  • 2013-08-30 46556b6 Privilege escalation through Group and Member CSV upload (SS-2013-004) (Ingo Schommer)
  • 2013-08-30 68ca47b Privilege escalation through Group hierarchy setting (SS-2013-003) (Ingo Schommer)
  • 2013-08-23 1461ae9 Fix regression in IE no-cache https file downloads. (Mateusz Uzdowski)
  • 2013-08-22 45c1d2b webfonts in preview iframe breaking admin fonts (Hamish Friedlander)
  • 2013-08-21 a2026ad flushing on non-dev when Session::cookie_secure is true (Hamish Friedlander)
  • 2013-08-20 1c31c09 Correct Zend_Locale fallbacks in i18n/DateField/DateTimeField (Ingo Schommer)
  • 2013-08-20 68d8ec3 Memory leaks in jstree drag & drop (Hamish Friedlander)
  • 2013-08-20 fda4b91 Make sure CurrentXHR is set back to null on completion (Hamish Friedlander)
  • 2013-08-20 e282f0b Two memory leaks with HtmlEditorField (Hamish Friedlander)
  • 2013-08-19 4a7aef0 Double slashes in ParameterConfirmationToken (Hamish Friedlander)
  • 2013-08-15 0ca4969 Dont update preview iframe if hidden (Hamish Friedlander)
  • 2013-08-12 c59305d Multiple redraw calls on navigation (Hamish Friedlander)
  • 2013-08-09 b1664f8 Check for stage and drafts in SiteTree::canView() (Simon Welsh)
  • 2013-08-08 2fae928 ArchiveDate enforcement (Hamish Friedlander)
  • 2013-08-07 fb67181 Context menu too long - CSS only (Fixes CMS #811) (Naomi Guyer)
  • 2013-08-07 71608f0 Add SiteTree link tracking as an extension, and apply to SiteTree itself (Hamish Friedlander)