Added 2.4.13 changelog

This commit is contained in:
Ingo Schommer 2013-09-26 01:11:59 +02:00
parent c504fe0beb
commit f7373d1124

View File

@ -0,0 +1,17 @@
# 2.4.13
## Overview
### Security: XSS in form validation errors (SS-2013-008)
See [announcement](http://www.silverstripe.org/ss-2013-008-xss-in-form-validation-errors/)
### Security: XSS in CMS "Pages" section (SS-2013-009)
See [announcement](http://www.silverstripe.org/ss-2013-009-xss-in-cms-pages-section/)
### API: Form validation message no longer allow HTML
Due to cross-site scripting concerns when user data is used for form messages,
it is no longer possible to use HTML in `Form->sessionMessage()`, and consequently
in the `FormField->validate()` API.