tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-06-27 23:19:35 +02:00
Code Issues Projects Releases Wiki Activity

DOCS add release announcement link to changelog

Browse Source 
I've also suggested a note to an existing Chrome lazy-loading bug
This commit is contained in:
brynwhyman 2021-10-06 12:43:43 +13:00
parent 3d7184c69b
commit 9a119a3581
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/en/04_Changelogs/4.9.0.md
View File

@ -92,6 +92,8 @@ A full list of module versions included in CMS Recipe 4.9.0 is provided below. W
Upgrading to Silverstripe CMS Recipe 4.9.0 is recommended for all sites. This upgrade can be carried out by any development team familiar with Silverstripe.
In addition to the below, have a read of the [CMS 4.9 release announcement](https://www.silverstripe.org/blog/cms-4-9-is-here/).
- [Security considerations](#security-considerations)
- [Security audit and regression test](#audit)
- [For development teams of Common Web Platform projects](#cwp-end)
@ -119,7 +121,6 @@ We have provided a high-level severity rating of the vulnerabilities below based
If your site has a custom GraphQL 3 ItemQuery/ListQuery Scaffolder implementation that relies on having no permission check, you will need to add a custom permission checker to bypass the `canView()` check. See the [security announcement](https://www.silverstripe.org/download/security-releases/CVE-2021-28661) for implementation details.
## Regression test and Security audit{#audit}
This release has been comprehensively regression tested and passed to a third party for a security-focused audit.
@ -211,6 +212,8 @@ Content authors can disable lazy loading on images added via the HTML editor fie
Consult the [Insert images](https://userhelp.silverstripe.org/en/4/creating_pages_and_content/creating_and_editing_content/inserting_images/#lazy-loading)
article in the Silverstripe CMS user help for detailed instructions.
*Also note:* There is a [long-standing bug in Google Chrome](https://bugs.chromium.org/p/chromium/issues/detail?id=875403) that will prevent images that have not yet been in view (and loaded) from being included if a user chooses to print the page. This is something that site owners should be made aware of.
### Manage your CMS sessions across devices {#session-manager}
The [session manager module](https://github.com/silverstripe/silverstripe-session-manager) is a new security focused feature which allows a CMS user to view and manage their active sessions in the CMS within the "My profile" section of the CMS (/admin/myprofile). They can see the device details behind each session and have the ability to revoke these sessions. This new module has been added to `silverstripe/recipe-cms` which is the recommended method of managing Silverstripe CMS dependencies in a project.