This document contains information for an outdated version (3.0) and may not be maintained any more.
If some of your projects still use this version, consider upgrading as soon as possible.
Security: XSS in form validation errors (SS-2013-008)
Security: XSS in CMS "Pages" section (SS-2013-009)
API: Form validation message no longer allow HTML
Due to cross-site scripting concerns when user data is used for form messages,
it is no longer possible to use HTML in
Form->sessionMessage(), and consequently
- 2013-09-24 114fb59 Auto-escape titles in TreeDropdownField (Ingo Schommer)
- 2013-09-24 e170f4c Escaping in "dependent pages" (SS-2013-009) (Ingo Schommer)
- 2013-09-20 b383a07 Fixing tabindex added to CreditCardField when tabindex is NULL (Sean Harvey)
- 2013-09-20 c453ea3 Fixing tabindex added to CreditCardField when tabindex is NULL (Sean Harvey)