silverstripe-framework/docs/en/04_Changelogs/3.1.13.md

40 lines
4.4 KiB
Markdown
Raw Normal View History

2015-05-28 08:59:11 +02:00
# 3.1.13
# Overview
This release includes several security fixes to prevent HTTP Hostname injection,
as well as a fix for flush or isDev querystring parameters
to be set via unauthenticated requests.
2016-01-14 11:59:53 +01:00
Users upgrading from 3.1.12 or below should read the [security documentation](/developer_guides/security/secure_coding)
2015-05-28 08:59:11 +02:00
on securing their site.
### Security
* 2015-05-22 [a978b89](https://github.com/silverstripe/sapphire/commit/a978b89) Fix handling of empty parameter token (Damian Mooyman) - See [ss-2015-014](http://www.silverstripe.org/software/download/security-releases/ss-2015-014)
* 2015-05-25 [75137db](https://github.com/silverstripe/sapphire/commit/75137db) Ensure only trusted proxy servers have control over certain HTTP headers (Damian Mooyman) - See [ss-2015-013](http://www.silverstripe.org/software/download/security-releases/ss-2015-013)
* 2015-05-25 [22a35e4](https://github.com/silverstripe/sapphire/commit/22a35e4) Fix malformed urls redirecting to external sites (Damian Mooyman) - See [ss-2015-012](http://www.silverstripe.org/software/download/security-releases/ss-2015-012)
* 2015-05-22 [79cfa2b](https://github.com/silverstripe/sapphire/commit/79cfa2b) Bug fix sqlquery select (Damian Mooyman) - See [ss-2015-011](http://www.silverstripe.org/software/download/security-releases/ss-2015-011)
### Bugfixes
* 2015-04-24 [242de4e](https://github.com/silverstripe/sapphire/commit/242de4e) Added Youtube's short URL. (Michael Strong)
* 2015-05-28 [9c8fa51](https://github.com/silverstripe/sapphire/commit/9c8fa51) Allow users to specify allowed hosts (Marcus Nyeholt)
* 2015-05-07 [828ad6e](https://github.com/silverstripe/sapphire/commit/828ad6e) Modifications to GridFieldExportButton to allow ArrayList use in SS_Report (Will Rossiter)
* 2015-04-30 [be10d90](https://github.com/silverstripe/sapphire/commit/be10d90) count breaks when having clause defined (Aram Balakjian)
* 2015-04-27 [120b983](https://github.com/silverstripe/sapphire/commit/120b983) X-Reload & X-ControllerURL didn't support absolute URLs (fixes #4119) (Loz Calver)
* 2015-04-25 [bfd8b66](https://github.com/silverstripe/sapphire/commit/bfd8b66) for #4104, minor revision of error messages in ListboxField (more intuitive). (Patrick Nelson)
* 2015-04-23 [5ae0ca1](https://github.com/silverstripe/sapphire/commit/5ae0ca1) #4100 Setup the ability to overload the ShortcodeParser class and ensuring its methods/properties are extensible via the "static" keyword. (Patrick Nelson)
* 2015-04-23 [c2fd18e](https://github.com/silverstripe/sapphire/commit/c2fd18e) use config for Security::$login_url (Daniel Hensby)
* 2015-04-23 [19423e9](https://github.com/silverstripe/sapphire/commit/19423e9) Fix tinymce errors crashing CMS When removing a tinymce field, internal third party errors should be caught and ignored gracefully rather than breaking the whole CMS. (Damian Mooyman)
* 2015-04-20 [8e24511](https://github.com/silverstripe/sapphire/commit/8e24511) Fix users with all cms section access not able to edit files Fixes #4078 (Damian Mooyman)
* 2015-04-14 [8caaae6](https://github.com/silverstripe/sapphire/commit/8caaae6) Fix accordion sometimes displaying scrollbars (Damian Mooyman)
* 2015-03-31 [a71f5f9](https://github.com/silverstripe/silverstripe-cms/commit/a71f5f9) Use SearchForm::create to instantiate SearchForm (Daniel Hensby)
* 2015-03-26 [636cddb](https://github.com/silverstripe/sapphire/commit/636cddb) export and print buttons outside button row (Naomi Guyer)
* 2015-03-26 [a7d3f89](https://github.com/silverstripe/sapphire/commit/a7d3f89) Check for existence of HTTP_USER_AGENT to avoid E_NOTICE error. (Sean Harvey)
* 2015-03-25 [8d6cd15](https://github.com/silverstripe/sapphire/commit/8d6cd15) Fix some database errors during dev/build where an auth token exists for the current user Fixes #3660 (Damian Mooyman)
* 2015-03-23 [aba0b70](https://github.com/silverstripe/sapphire/commit/aba0b70) GridFieldDetailForm::setItemEditFormCalback broke chaining (Daniel Hensby)
* 2015-03-23 [72bb9a2](https://github.com/silverstripe/sapphire/commit/72bb9a2) Debug::text no longer incorrecty returns "ViewableData_debugger" (Daniel Hensby)
* 2015-03-16 [f2b1fa9](https://github.com/silverstripe/sapphire/commit/f2b1fa9) broken link in docs to how_tos/extend_cms_interface (Jeremy Shipman)
* 2015-02-24 [6c92a86](https://github.com/silverstripe/silverstripe-cms/commit/6c92a86) Fix CMSMainTest attempting to render page on Security permission error (Damian Mooyman)