tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

Added 3.1.0-rc3 changelog

Browse Source
This commit is contained in:
Ingo Schommer 2013-09-26 01:42:27 +02:00
parent 5b47c3aa1c
commit b3c91ecac9
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docs/en/changelogs/rc/3.1.0-rc3.md Normal file
View File

@ -0,0 +1,21 @@
# 3.1.0-rc3
# Overview
### Security: XSS in CMS "Security" section (SS-2013-007)
See [announcement](http://www.silverstripe.org/ss-2013-007-xss-in-cms-security-section/)
### Security: XSS in form validation errors (SS-2013-008)
See [announcement](http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/)
### Security: XSS in CMS "Pages" section (SS-2013-009)
See [announcement](http://www.silverstripe.org/ss-2013-009-xss-in-cms-pages-section/)
### API: Form validation message no longer allow HTML
Due to cross-site scripting concerns when user data is used for form messages,
it is no longer possible to use HTML in `Form->sessionMessage()`, and consequently
in the `FormField->validate()` API.