This document contains information for an outdated version (2.3) and may not be maintained any more.
If some of your projects still use this version, consider upgrading as soon as possible.
- [rev:101229] Don't delete index.php after successful installation - in ContentController->deleteinstallfiles(). URL routing might rely on it without mod_rewrite.
- [rev:101229] Require ADMIN permissions for ContentController->deleteinstallfiles() - together with retaining index.php this removed a vulnerability where unauthenticated users can disrupt mod_rewrite-less URL routing. (from r101227)
- [rev:100744] Fixing Member_ProfileForm to validate for existing members via Member_Validator to avoid CMS users to switch to another existing user account by using their email address (from r100704) (from r100717)
Created with: <code>./sscreatechangelog --version 2.3.7 --branch branches/2.3 --stopbranch tags/2.3.6)</code>