tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Added 3.0.9-rc1 changelog

Browse Source
This commit is contained in:
Ingo Schommer 2014-02-19 15:20:24 +13:00
parent f2568f8489
commit a6f794c3b9
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docs/en/changelogs/rc/3.0.9-rc1.md Normal file
View File

@ -0,0 +1,15 @@
# 3.0.9-rc1 (2014-02-19)
## Overview
* Security: Require ADMIN for ?flush=1&isDev=1 ([SS-2014-001](http://www.silverstripe.org/ss-2014-001-require-admin-for-flush1-and-isdev1))
* Security: XSS in third party library (SWFUpload) ([SS-2014-002](http://www.silverstripe.org/ss-2014-002-xss-in-third-party-library-swfupload/))
* Security: SiteTree.ExtraMeta allows JavaScript for malicious CMS authors ([SS-2014-003](http://www.silverstripe.org/ss-2014-003-extrameta-allows-javascript-for-malicious-cms-authors-/))
## Upgrading
### SiteTree.ExtraMeta allows JavaScript for malicious CMS authors
If you have previously used the `SiteTree.ExtraMeta` field for `<head>` markup
other than its intended use case (`<meta>` and `<link>`), please consult
[SS-2014-003](http://www.silverstripe.org/ss-2014-003-extrameta-allows-javascript-for-malicious-cms-authors-/).