mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Removed SS-2014-002 from changelog, not backported to 3.0
This commit is contained in:
parent
a6f794c3b9
commit
ec02df2160
@ -3,13 +3,4 @@
|
|||||||
## Overview
|
## Overview
|
||||||
|
|
||||||
* Security: Require ADMIN for ?flush=1&isDev=1 ([SS-2014-001](http://www.silverstripe.org/ss-2014-001-require-admin-for-flush1-and-isdev1))
|
* Security: Require ADMIN for ?flush=1&isDev=1 ([SS-2014-001](http://www.silverstripe.org/ss-2014-001-require-admin-for-flush1-and-isdev1))
|
||||||
* Security: XSS in third party library (SWFUpload) ([SS-2014-002](http://www.silverstripe.org/ss-2014-002-xss-in-third-party-library-swfupload/))
|
* Security: XSS in third party library (SWFUpload) ([SS-2014-002](http://www.silverstripe.org/ss-2014-002-xss-in-third-party-library-swfupload/))
|
||||||
* Security: SiteTree.ExtraMeta allows JavaScript for malicious CMS authors ([SS-2014-003](http://www.silverstripe.org/ss-2014-003-extrameta-allows-javascript-for-malicious-cms-authors-/))
|
|
||||||
|
|
||||||
## Upgrading
|
|
||||||
|
|
||||||
### SiteTree.ExtraMeta allows JavaScript for malicious CMS authors
|
|
||||||
|
|
||||||
If you have previously used the `SiteTree.ExtraMeta` field for `<head>` markup
|
|
||||||
other than its intended use case (`<meta>` and `<link>`), please consult
|
|
||||||
[SS-2014-003](http://www.silverstripe.org/ss-2014-003-extrameta-allows-javascript-for-malicious-cms-authors-/).
|
|
Loading…
Reference in New Issue
Block a user