Commit Graph

779 Commits

Author SHA1 Message Date
Maxime Rainville
5fd16cd7e1 Add 4.5.1 changelog 2020-02-17 17:47:23 +13:00
Maxime Rainville
7ce2abf74d Merge remote-tracking branch 'origin/4.4' into 4.5 2020-02-17 14:43:38 +13:00
Maxime Rainville
a9598eec3f Added 4.4.5 changelog 2020-02-17 14:02:57 +13:00
Maxime Rainville
acd7d94167 Merge branch '4.4' into 4.5 2020-02-17 13:07:26 +13:00
Serge Latyntcev
ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
Serge Latyntcev
08eaed4190 Added 4.5.0 changelog 2019-12-19 11:24:04 +13:00
Serge Latyntcev
e1a1459df3 Added 4.5.0-rc2 changelog 2019-12-19 11:23:31 +13:00
Serge Latyntcev
84d0d75e96 Added 4.5.0-rc1 changelog 2019-11-18 17:18:05 +13:00
Serge Latyntcev
efc9bec5e6 Added 4.5.0-alpha1 changelog 2019-11-14 14:39:41 +13:00
Serge Latyntsev
80b282b605 DOC Forget about google groups 2019-09-26 14:39:38 +12:00
Aaron Carlino
b0a17f5df1 Update changelog 2019-09-25 11:23:57 +12:00
Serge Latyntcev
88fde6e7c3 Merge branch '4.4' into 4 2019-09-24 17:29:06 +12:00
Serge Latyntcev
50a1aa4c4d Merge branch '4.3' into 4.4 2019-09-24 17:28:31 +12:00
Aaron Carlino
b002ef1171 Merge branch '4.4' into 4 2019-09-24 17:26:50 +12:00
Serge Latyntcev
26a4fb38ba Added 4.3.6 changelog 2019-09-24 17:20:48 +12:00
Aaron Carlino
79a89e751d Added 4.4.4 changelog 2019-09-24 17:05:26 +12:00
Aaron Carlino
c1047fac32 DOCS: Add docs for versioned files migration 2019-09-24 16:04:22 +12:00
Aaron Carlino
28057e3a71 DOCS: Add FileShortcodeProvider change to changelog 2019-09-24 16:03:48 +12:00
Aaron Carlino
1f92b21a04 DOCS: Add FileShortcodeProvider change to changelog 2019-09-24 16:03:48 +12:00
Aaron Carlino
8ee5e621fd DOCS: Add docs for versioned files migration 2019-09-24 16:00:51 +12:00
Aaron Carlino
99ab3c6421 DOCS: Add FileShortcodeProvider change to changelog 2019-09-24 16:00:51 +12:00
Ingo Schommer
229df95fe9 DOCS Warning about protected file serving in 4.x 2019-09-13 18:01:44 -07:00
Serge Latyntsev
233e0e7aa0 ENH PasswordExpirationMiddleware implementation (#9207) 2019-09-12 14:34:06 +12:00
Aaron Carlino
da6582f593 NEW: Remove web installer, move to separate package (#9231)
* Remove installer

* Remove exposed install files

* Replace Dev/Install classes still in use

* Update changelog

* FIX make the grid field actions consistent to what they look like on pages

Resolves https://github.com/silverstripe/silverstripe-admin/issues/904

* Docs changes
2019-09-11 13:10:25 +12:00
Ingo Schommer
ca5b1cbf61 DOCS Rewrite server requirements
* Remove overly specific PHP RNG instructions (that's just built into PHP7 through random_bytes now, which will throw if no suitable RNG is available)
 * Remove PHP 5 RNG requirements, since we don't support that PHP release any more
 * Remove verbose explanation of PHP 5.6 support
 * Remove conflicting instructions for PHP memory limits
 * Remove version numbers from supported databases other than MySQL, it's up to the community modules to define that
 * Remove Oracle support (code is nine years old!)
 * Make "community supported" status clearer on databases, people can draw their own conclusions as open source users on Github
 * Remove IIS version number, I think we should just stick to "needs web.config" and not give the impression that this is actively tested
 * Remove mention of OSes for web servers, that's kind of irrelevant in today's hosting world (containers, PaaS, etc)
 * Shorten install instructions in favour of a "quickstart" and point to lessons instead
 * Remove mention of archive download option, we really shouldn't promote this - composer is the de-facto standard
 * Add generic descriptions of the hosting environment considerations without going too much into specifics
 * Remove Apache version number, we don't test on different versions, and really mostly rely on mod_rewrite working properly. Laravel does the same (doesn't claim specific Apache version support)
2019-09-03 18:38:15 +12:00
Guy Marriott
f676672f76 Merge branch '4.4' into 4 2019-08-19 16:10:30 +12:00
Guy Marriott
a6614d8a77 Added 4.4.3 changelog 2019-08-19 15:01:22 +12:00
James Cocker
f68fac2c47 4.4.0 Upgrade Docs: Clarified that the shortcode task isn't run automatically 2019-08-16 14:42:16 +01:00
Aaron Carlino
684f5311a0 Merge branch '4.4' into 4 2019-08-13 12:15:39 +12:00
Aaron Carlino
8cfd3f07ba Added 4.4.2 changelog 2019-08-12 16:08:07 +12:00
Robbie Averill
4936d265a2 DOCS Remove statement about a strict error when overloading PDOQuery constructor
Constructors are not bound by method signature match rules in PHP
2019-08-09 09:16:31 +12:00
Robbie Averill
2a1394bed7 Merge branch '4.4' into 4 2019-07-19 10:46:00 +02:00
Robbie Averill
40f06fafa9 Merge branch '4.3' into 4.4 2019-07-19 10:45:44 +02:00
Robbie Averill
c7b15eaef5 Merge branch '4.2' into 4.3 2019-07-19 10:45:29 +02:00
Ingo Schommer
4d93e48b10 DOCS Add silverstripe/login-forms (#9112)
See https://github.com/silverstripe/recipe-cms/issues/26.
Dependant on https://github.com/silverstripe/silverstripe-installer/pull/257.
2019-07-16 10:11:37 +12:00
Serge Latyntcev
29a663c65d Merge branch '4.4' into 4 2019-07-15 09:24:49 +12:00
Serge Latyntcev
d667d64f13 Merge branch '4.3' into 4.4 2019-07-15 09:18:17 +12:00
Saophalkun Ponlu
6a8c6703d1 Remove use_gzip from HTMLEditorField since it's been removed by TinyMCE codebase (#7261)
* Remove `use_gzip` from HTMLEditorField

* DOCS Mention remove use_gzip in changelog
2019-06-21 09:27:48 +12:00
Serge Latyntcev
5be0c15587 Doc / Fix link to SS-2019-022 in changelogs 2019-06-19 15:14:16 +12:00
Ingo Schommer
49c04bf9cc DOCS Shortcode upgrade section 2019-06-18 09:20:38 +12:00
Guy Marriott
bb5b610636 Merge branch '4.4' into 4 2019-06-17 08:58:50 +12:00
Guy Marriott
0294029f92 DOCS Remove confusing API change from changelog
This change was removing a method that was added in 4.4.0 also - this makes it not a breaking change for SemVer
2019-06-13 10:46:48 +12:00
Robbie Averill
4eb5800532 Merge pull request #9055 from open-sausages/pulls/4/release-docs-update
DOCS: Ensure minor releases follow security release steps
2019-06-12 11:47:39 +12:00
Maxime Rainville
62cdc43e78 DOC Add missing reference to TagToShortcodeTask. 2019-06-11 15:17:25 +12:00
Aaron Carlino
731646f49d Merge branch '4.4' into 4 2019-06-11 11:48:18 +12:00
Aaron Carlino
92edb68c0c DOCS: Add React 16 information 2019-06-11 11:47:33 +12:00
Guy Marriott
c57584dada DOCS Adding information about better buttons to the release changelog (#9049) 2019-06-11 11:47:17 +12:00
Aaron Carlino
e2894b414b Added 4.4.1 changelog 2019-06-11 11:47:17 +12:00
Aaron Carlino
3c92501dc5 DOCS: Add React 16 information 2019-06-11 10:46:21 +12:00
Guy Marriott
dad80f5acd DOCS Adding information about better buttons to the release changelog (#9049) 2019-06-11 08:28:04 +12:00