This document contains information about a future release and not the current stable version (3.1).

Be aware that information on this page may change and API's may not be stable for production use.

3.0.6

Overview

  • Security: Require ADMIN for ?flush=1 (stop denial of service attacks) (#1692)
  • API: Disable discontinued Google Spellcheck in TinyMCE. Replaced by browser-based spellchecking if available (Chrome, Firefox)

Details

Security: Require ADMIN for ?flush=1 (SS-2013-001)

See announcement

Security: Privilege escalation through Group hierarchy setting (SS-2013-003)

See announcement

Security: Privilege escalation through Group and Member CSV upload (SS-2013-004)

See announcement

Security: Privilege escalation through APPLY_ROLES assignment (SS-2013-005)

See announcement

Security: Information disclosure in Versioned.php (SS-2013-006)

See announcement

Security: Privilege escalation through Group hierarchy setting (SS-2013-003)

See announcement

Security: Privilege escalation through Group and Member CSV upload (SS-2013-004)

See announcement

Security: Privilege escalation through APPLY_ROLES assignment (SS-2013-005)

See announcement

Upgrading

  • If you have created your own composite database fields, then you should amend the setValue() to allow the passing of an object (usually DataObject) as well as an array.
  • If you have provided your own startup scripts (ones that include core/Core.php) that can be accessed via a web request, you should ensure that you limit use of the flush parameter
  • Translation entity namespaces can no longer contain dots, since it conflicts with the YAML format.
  • Translation entities defined in templates now use their fully qualified entity name without dots. Before: BackLink_Button.ss.Back, after BackLink_Button_ss.Back. Please fix any custom language files or uses of those entities in custom code.
  • If using "Māori/Te Reo" (mi_NZ) as your CMS locale, please re-select it in admin/myprofile to ensure correct operation (it has changed its locale identifier)

Comments

Comment policy: Please use comments for tips and corrections about the described functionality.
Comments are moderated, we reserve the right to remove comments that are inappropriate or are no longer relevant. Use the Silverstripe Forum to ask questions.

blog comments powered by Disqus