2013-09-24 10:45:55 +02:00
|
|
|
# 3.1.0-rc3
|
|
|
|
|
|
|
|
## Overview
|
|
|
|
|
|
|
|
### Security: XSS in CMS "Security" section (SS-2013-007)
|
|
|
|
|
2013-09-24 12:59:05 +02:00
|
|
|
See [announcement](http://www.silverstripe.org/ss-2013-007-xss-in-cms-security-section/)
|
|
|
|
|
2013-09-24 13:58:32 +02:00
|
|
|
### Security: XSS in form validation errors (SS-2013-008)
|
|
|
|
|
|
|
|
See [announcement](http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/)
|
|
|
|
|
2013-09-24 12:59:05 +02:00
|
|
|
### Security: XSS in CMS "Pages" section (SS-2013-009)
|
|
|
|
|
2013-09-24 13:58:32 +02:00
|
|
|
See [announcement](http://www.silverstripe.org/ss-2013-009-xss-in-cms-pages-section/)
|
|
|
|
|
|
|
|
### API: Form validation message no longer allow HTML
|
|
|
|
|
|
|
|
Due to cross-site scripting concerns when user data is used for form messages,
|
|
|
|
it is no longer possible to use HTML in `Form->sessionMessage()`, and consequently
|
|
|
|
in the `FormField->validate()` API.
|