This document contains information about a future release and not the current stable version (3.1).
Be aware that information on this page may change and API's may not be stable for production use.
- Security: XSS in controller handling for missing actions
- Security: SQL injection with Translatable extension enabled
- Security: Version number information disclosure
- Security: Weak entropy in tokens for CSRF protection, autologin, "forgot password" emails and password salts
- Security: HTTP referer leakage on Security/changepassword
- Security: CSRF protection bypassed when handling form action requests through controller
- Improved security of PHPSESSID and byPassStaticCache cookies (setting them to 'httpOnly')
Features and Enhancements
- [rev:114501] Added !RandomGenerator for more secure CSRF tokens etc. (from r114497) (from r114499)
- [rev:115200] Removing form actions from in !AssetAdmin, CMSMain, !LeftAndMain - handled through Form->httpSubmission() (merged from r115185)
- [rev:115191] Checking for existence of !FormAction in Form->httpSubmission() to avoid bypassing $allowed_actions definitions in controllers containing this form
- [rev:115191] Checking for $allowed_actions in Form class, through Form->httpSubmission() (from r115182)
- [rev:114776] Disallow web access to sapphire/silverstripe_version to avoid information leakage (from r114773)
- [rev:114772] Disallow web access to cms/silverstripe_version to avoid information leakage (from r114770)
- [rev:114763] Avoid potential referer leaking in Security->changepassword() form by storing Member->!AutoLoginHash in session instead of 'h' GET parameter (from r114758)
- [rev:114741] Fixed CSRF warning in image form after selecting a folder. (from r80237)
- [rev:114517] Escaping $locale values in Translatable->augmentSQL() in addition to the i18n::validate_locale() input validation (from r114515) (from r114516)
- [rev:114513] Limiting usage of mcrypt_create_iv() in !RandomGenerator->generateEntropy() to *nix platforms to avoid fatal errors (specically in IIS) (from r114510) (from r114512)
- [rev:114509] Using !RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of '!RememberLoginToken' and '!AutoLoginHash' fields to 1024 characters to support longer token strings. (from r114504) (from r114507)
- [rev:114502] Using !RandomGenerator class in !SecurityToken->generate() for more random tokens (from r114500)
- [rev:114266] Removing quotes from test data in !RestfulServiceTest, it gives different results depending on magic_quotes_gpc setting on PHP configuration (merged from r80132).