- [rev:101229] Don't delete index.php after successful installation - in ContentController->deleteinstallfiles(). URL routing might rely on it without mod_rewrite.
- [rev:101229] Require ADMIN permissions for ContentController->deleteinstallfiles() - together with retaining index.php this removed a vulnerability where unauthenticated users can disrupt mod_rewrite-less URL routing. (from r101227)
- [rev:100744] Fixing Member_ProfileForm to validate for existing members via Member_Validator to avoid CMS users to switch to another existing user account by using their email address (from r100704) (from r100717)
Created with: <code>./sscreatechangelog --version 2.3.7 --branch branches/2.3 --stopbranch tags/2.3.6</code>