tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-06-30 08:29:28 +02:00
Code Issues Projects Releases Wiki Activity

DOCS add release announcement link to changelog

Browse Source 
I've also suggested a note to an existing Chrome lazy-loading bug
This commit is contained in:
brynwhyman 2021-10-06 12:43:43 +13:00
parent 3d7184c69b
commit 9a119a3581
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/en/04_Changelogs/4.9.0.md
View File

@ -92,6 +92,8 @@ A full list of module versions included in CMS Recipe 4.9.0 is provided below. W
Upgrading to Silverstripe CMS Recipe 4.9.0 is recommended for all sites. This upgrade can be carried out by any development team familiar with Silverstripe. Upgrading to Silverstripe CMS Recipe 4.9.0 is recommended for all sites. This upgrade can be carried out by any development team familiar with Silverstripe.
In addition to the below, have a read of the [CMS 4.9 release announcement](https://www.silverstripe.org/blog/cms-4-9-is-here/).
- [Security considerations](#security-considerations) - [Security considerations](#security-considerations)
- [Security audit and regression test](#audit) - [Security audit and regression test](#audit)
- [For development teams of Common Web Platform projects](#cwp-end) - [For development teams of Common Web Platform projects](#cwp-end)
@ -119,7 +121,6 @@ We have provided a high-level severity rating of the vulnerabilities below based
If your site has a custom GraphQL 3 ItemQuery/ListQuery Scaffolder implementation that relies on having no permission check, you will need to add a custom permission checker to bypass the `canView()` check. See the [security announcement](https://www.silverstripe.org/download/security-releases/CVE-2021-28661) for implementation details. If your site has a custom GraphQL 3 ItemQuery/ListQuery Scaffolder implementation that relies on having no permission check, you will need to add a custom permission checker to bypass the `canView()` check. See the [security announcement](https://www.silverstripe.org/download/security-releases/CVE-2021-28661) for implementation details.
## Regression test and Security audit{#audit} ## Regression test and Security audit{#audit}
This release has been comprehensively regression tested and passed to a third party for a security-focused audit. This release has been comprehensively regression tested and passed to a third party for a security-focused audit.
@ -211,6 +212,8 @@ Content authors can disable lazy loading on images added via the HTML editor fie
Consult the [Insert images](https://userhelp.silverstripe.org/en/4/creating_pages_and_content/creating_and_editing_content/inserting_images/#lazy-loading) Consult the [Insert images](https://userhelp.silverstripe.org/en/4/creating_pages_and_content/creating_and_editing_content/inserting_images/#lazy-loading)
article in the Silverstripe CMS user help for detailed instructions. article in the Silverstripe CMS user help for detailed instructions.
*Also note:* There is a [long-standing bug in Google Chrome](https://bugs.chromium.org/p/chromium/issues/detail?id=875403) that will prevent images that have not yet been in view (and loaded) from being included if a user chooses to print the page. This is something that site owners should be made aware of.
### Manage your CMS sessions across devices {#session-manager} ### Manage your CMS sessions across devices {#session-manager}
The [session manager module](https://github.com/silverstripe/silverstripe-session-manager) is a new security focused feature which allows a CMS user to view and manage their active sessions in the CMS within the "My profile" section of the CMS (/admin/myprofile). They can see the device details behind each session and have the ability to revoke these sessions. This new module has been added to `silverstripe/recipe-cms` which is the recommended method of managing Silverstripe CMS dependencies in a project. The [session manager module](https://github.com/silverstripe/silverstripe-session-manager) is a new security focused feature which allows a CMS user to view and manage their active sessions in the CMS within the "My profile" section of the CMS (/admin/myprofile). They can see the device details behind each session and have the ability to revoke these sessions. This new module has been added to `silverstripe/recipe-cms` which is the recommended method of managing Silverstripe CMS dependencies in a project.