mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Added 2.4.13 changelog
This commit is contained in:
parent
c504fe0beb
commit
f7373d1124
17
docs/en/changelogs/2.4.13.md
Normal file
17
docs/en/changelogs/2.4.13.md
Normal file
@ -0,0 +1,17 @@
|
||||
# 2.4.13
|
||||
|
||||
## Overview
|
||||
|
||||
### Security: XSS in form validation errors (SS-2013-008)
|
||||
|
||||
See [announcement](http://www.silverstripe.org/ss-2013-008-xss-in-form-validation-errors/)
|
||||
|
||||
### Security: XSS in CMS "Pages" section (SS-2013-009)
|
||||
|
||||
See [announcement](http://www.silverstripe.org/ss-2013-009-xss-in-cms-pages-section/)
|
||||
|
||||
### API: Form validation message no longer allow HTML
|
||||
|
||||
Due to cross-site scripting concerns when user data is used for form messages,
|
||||
it is no longer possible to use HTML in `Form->sessionMessage()`, and consequently
|
||||
in the `FormField->validate()` API.
|
Loading…
Reference in New Issue
Block a user