diff --git a/docs/en/04_Changelogs/3.2.6.md b/docs/en/04_Changelogs/3.2.6.md new file mode 100644 index 000000000..90931122b --- /dev/null +++ b/docs/en/04_Changelogs/3.2.6.md @@ -0,0 +1,29 @@ +# 3.2.6 + + + +## Change Log + +### Security + + * 2016-11-11 [4440b88](https://github.com/silverstripe/silverstripe-framework/commit/4440b887304fe80ca77366800457cbc2ac705654) Form@httpSubmission will no longer load submitted data to disabled or readonly fields (Daniel Hensby) - See [ss-2016-010](http://www.silverstripe.org/download/security-releases/ss-2016-010) + * 2016-11-11 [61e4055](https://github.com/silverstripe/silverstripe-framework/commit/61e4055bdb13e37df6aa0d8edca0bf5d9345dc7e) Cast FormField values as Text to prevent readonly fields embeding rogue HTML (Daniel Hensby) - See [ss-2016-010](http://www.silverstripe.org/download/security-releases/ss-2016-010) + * 2016-10-27 [17097a4](https://github.com/silverstripe/silverstripe-framework/commit/17097a4d11274b157eadf64f32708acef204d510) Properly escape backURL for template injection (Daniel Hensby) - See [ss-2016-016](http://www.silverstripe.org/download/security-releases/ss-2016-016) + * 2016-08-02 [62a2421](https://github.com/silverstripe/silverstripe-framework/commit/62a242154ec3508fe9b174a40713c8520ac1684c) value / title escaping in CheckboxSetField and OptionsetField (Damian Mooyman) - See [ss-2016-015](http://www.silverstripe.org/download/security-releases/ss-2016-015) + * 2016-07-25 [1c7d5de](https://github.com/silverstripe/silverstripe-framework/commit/1c7d5de51bcdf16ebb21c5a0ebe5fe9e31f9a822) Autologin cookies are ignored if autologin is disabled (Daniel Hensby) - See [ss-2016-014](http://www.silverstripe.org/download/security-releases/ss-2016-014) + * 2016-07-22 [6817c57](https://github.com/silverstripe/silverstripe-framework/commit/6817c57f64b9eb2b271b81662cd83b074a3daee4) Uncasted member name (Daniel Hensby) - See [ss-2016-013](http://www.silverstripe.org/download/security-releases/ss-2016-013) + * 2016-07-15 [298f615](https://github.com/silverstripe/silverstripe-framework/commit/298f61521c55b07e5c898a92264dbe111735a87a) Reset `Member::Salt` on password change (Daniel Hensby) - See [ss-2016-008](http://www.silverstripe.org/download/security-releases/ss-2016-008) + * 2016-07-14 [6606d98](https://github.com/silverstripe/silverstripe-framework/commit/6606d986634f5b5dec16462acaa8d9a513c29fec) ChangePasswordForm does not check $member->canLogin before login (Daniel Hensby) - See [ss-2016-011](http://www.silverstripe.org/download/security-releases/ss-2016-011) + * 2016-07-14 [ca526b0](https://github.com/silverstripe/silverstripe-reports/commit/ca526b08c32ffe171368c1f6e456a8bfffa287d7) Missing ACL check on ReportAdmin (Daniel Hensby) - See [ss-2016-012](http://www.silverstripe.org/download/security-releases/ss-2016-012) + * 2016-07-14 [5f73d34](https://github.com/silverstripe/silverstripe-cms/commit/5f73d3454ecbc4850e91a0a3007102f6d4d9b853) Missing ACL check on ReportAdmin (Daniel Hensby) - See [ss-2016-012](http://www.silverstripe.org/download/security-releases/ss-2016-012) + * 2016-07-14 [04b4453](https://github.com/silverstripe/silverstripe-cms/commit/04b4453e041c2520d3658be1585146f79dca09d8) Missing ACL check on ReportAdmin (Daniel Hensby) - See [ss-2016-012](http://www.silverstripe.org/download/security-releases/ss-2016-012) + +### Bugfixes + + * 2016-11-03 [edfe514](https://github.com/silverstripe/silverstripe-framework/commit/edfe514540aae0772f49225f3614ce045ad9e1d4) Ensure that builds use the 3.4 dependencies. (Sam Minnee) + * 2016-09-12 [a14df0b](https://github.com/silverstripe/silverstripe-framework/commit/a14df0bc2d08f953ff7dd6f57899dbf260ab13a5) Force line endings to LF on sake file (Daniel Hensby) + * 2016-09-06 [e7ecf6c](https://github.com/silverstripe/silverstripe-framework/commit/e7ecf6cf15d4b3d4adaf0a415a5c4f9f2a15a003) Bad strpos call in HTTP::register_etag() (Daniel Hensby) + * 2016-08-22 [59be597](https://github.com/silverstripe/silverstripe-cms/commit/59be597004da21064e51c6237fbb451628bebf66) #1052 (Daniel Hensby) + * 2016-08-22 [4998b80](https://github.com/silverstripe/silverstripe-framework/commit/4998b8044530a83c617194d544b76a98f742386e) ArrayList sorting now caseinsensitive (Daniel Hensby) + * 2016-08-15 [95c640a](https://github.com/silverstripe/silverstripe-cms/commit/95c640ae6b5620be83d38e8060317554bc0820ed) Fix regression in FormField casting (Damian Mooyman) + * 2016-07-28 [56f0b72](https://github.com/silverstripe/silverstripe-framework/commit/56f0b72e8dbf5b7205ae12c80e0f4c9a0614d1a2) ETag header now properly quoted (Daniel Hensby)