Commit Graph

746 Commits

Author SHA1 Message Date
Bernard Hamlin
765810b013 Update CVE number to CVE-2019-19325 2020-02-19 09:58:12 +13:00
Maxime Rainville
a9598eec3f Added 4.4.5 changelog 2020-02-17 14:02:57 +13:00
Serge Latyntcev
ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically;
it requires a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
Serge Latyntcev
50a1aa4c4d Merge branch '4.3' into 4.4 2019-09-24 17:28:31 +12:00
Serge Latyntcev
26a4fb38ba Added 4.3.6 changelog 2019-09-24 17:20:48 +12:00
Aaron Carlino
79a89e751d Added 4.4.4 changelog 2019-09-24 17:05:26 +12:00
Aaron Carlino
c1047fac32 DOCS: Add docs for versioned files migration 2019-09-24 16:04:22 +12:00
Aaron Carlino
28057e3a71 DOCS: Add FileShortcodeProvider change to changelog 2019-09-24 16:03:48 +12:00
Aaron Carlino
1f92b21a04 DOCS: Add FileShortcodeProvider change to changelog 2019-09-24 16:03:48 +12:00
Aaron Carlino
8ee5e621fd DOCS: Add docs for versioned files migration 2019-09-24 16:00:51 +12:00
Aaron Carlino
99ab3c6421 DOCS: Add FileShortcodeProvider change to changelog 2019-09-24 16:00:51 +12:00
Guy Marriott
a6614d8a77 Added 4.4.3 changelog 2019-08-19 15:01:22 +12:00
Aaron Carlino
8cfd3f07ba Added 4.4.2 changelog 2019-08-12 16:08:07 +12:00
Robbie Averill
4936d265a2 DOCS Remove statement about a strict error when overloading PDOQuery constructor
Constructors are not bound by method signature match rules in PHP
2019-08-09 09:16:31 +12:00
Robbie Averill
40f06fafa9 Merge branch '4.3' into 4.4 2019-07-19 10:45:44 +02:00
Robbie Averill
c7b15eaef5 Merge branch '4.2' into 4.3 2019-07-19 10:45:29 +02:00
Serge Latyntcev
d667d64f13 Merge branch '4.3' into 4.4 2019-07-15 09:18:17 +12:00
Guy Marriott
0294029f92 DOCS Remove confusing API change from changelog
This change was removing a method that was added in 4.4.0 also - this makes it not a breaking change for SemVer
2019-06-13 10:46:48 +12:00
Maxime Rainville
62cdc43e78 DOC Add missing reference to TagToShortcodeTask. 2019-06-11 15:17:25 +12:00
Aaron Carlino
3c92501dc5 DOCS: Add React 16 information 2019-06-11 10:46:21 +12:00
Guy Marriott
dad80f5acd DOCS Adding information about better buttons to the release changelog (#9049) 2019-06-11 08:28:04 +12:00
Aaron Carlino
054dbd6ae5 Added 4.3.4 changelog 2019-06-10 22:49:06 +12:00
Aaron Carlino
960a7bb5ae Added 4.2.5 changelog 2019-06-10 22:48:57 +12:00
Aaron Carlino
c5d3f82576 Added 4.4.1 changelog 2019-06-10 17:37:24 +12:00
Aaron Carlino
c747b1f8d3 Merge branch '4.3' into 4.4 2019-06-10 17:32:07 +12:00
Aaron Carlino
f766555d61 Merge branch '4.2' into 4.3 2019-06-10 17:27:05 +12:00
Serge Latyntcev
ca56e8d78e [CVE-2019-12246] Denial of Service on flush and development URL tools 2019-06-10 17:23:56 +12:00
Aaron Carlino
4a0f62fafd Added 4.4.0-rc1 changelog 2019-05-06 15:01:01 +12:00
Ingo Schommer
1f78e8ae80 NEW Clean up secureassets module artefacts (#8948)
See https://github.com/silverstripe/silverstripe-assets/issues/231
2019-05-02 21:05:19 +12:00
Ingo Schommer
0696045e59 NEW Legacy thumbnail migration task (#8924)
* NEW Legacy thumbnail migration task

See https://github.com/silverstripe/silverstripe-assets/issues/235
Makes a start at https://github.com/silverstripe/silverstripe-assets/issues/219 as well

* API Removed migrate_legacy_file support

For the vast majority of sites, you really don't want to run your file migration as part of dev build.
The step is involved enough to warrant its own task.
I don't think this is an API change, since the setting won't have an effect
for anyone who has already enabled it - they would've already done the one-off migration.

See https://github.com/silverstripeltd/open-sourcerers/issues/91
and https://github.com/silverstripe/silverstripe-assets/issues/235
2019-05-02 09:33:53 +12:00
Ingo Schommer
da91f44c00 DOCS File migration changes for 4.4.0 (#8910)
* DOCS File migration changes for 4.4.0

See https://github.com/silverstripe/silverstripe-versioned/issues/177

* Update docs/en/02_Developer_Guides/14_Files/03_File_Security.md

Co-Authored-By: chillu <ingo@silverstripe.com>

* Corrected statements on archived/versioned files

* Corrected statement on filesystem paths of protected vs. public

* Update docs/en/02_Developer_Guides/14_Files/03_File_Security.md

Co-Authored-By: chillu <ingo@silverstripe.com>

* Clarify redirect behaviour
2019-04-30 08:59:25 +12:00
Maxime Rainville
e95dde8f1e DOC Update change log to reference updated migration task (#8945)
* DOC Update change log to reference updated migration task

* Update docs/en/04_Changelogs/4.4.0.md
2019-04-30 08:50:33 +12:00
Guy Marriott
5243ec2179 Merge pull request #8811 from Juanitou/patch-5
Correct typo and commit hash in 4.3.1 changelog
2019-03-23 10:03:18 +13:00
Guy Marriott
4f431d5db5 Correct typo and commit hash in 4.3.1 changelog
Co-Authored-By: Juanitou <Juanitou@users.noreply.github.com>
2019-03-22 09:51:38 +01:00
Aaron Carlino
3421f931a7 Added 4.3.3 changelog 2019-03-19 16:22:35 +13:00
Aaron Carlino
07b32fd7eb Added 4.3.3 changelog 2019-03-19 11:48:59 +13:00
Ingo Schommer
b803a174ed Merge branch '4' into 4 2019-03-11 21:31:22 +13:00
Robbie Averill
cb8ec9ae1d DOCS Mark 4.4.0 as unreleased to avoid confusion on docs.silverstripe.org
[ci skip]
2019-03-07 09:20:45 +13:00
Aaron Carlino
406b286325 Merge branch '4.3' into 4 2019-03-06 11:13:13 +13:00
Maxime Rainville
c40e6d38a0 Add reference to #8815 in change log 2019-03-06 11:13:02 +13:00
Aaron Carlino
92050578ce Added 4.3.2 changelog 2019-03-06 11:13:01 +13:00
Juan Molina
fa7b6b25f0 Correct typo and commit hash
The previous commit was leading to a 404 page in GitHub.
2019-02-19 22:58:35 +01:00
Robbie Averill
3e90fdf42f Merge branch '4.3' into 4 2019-02-19 08:41:05 +07:00
Robbie Averill
ed74549c4f Merge branch '4.2' into 4.3 2019-02-19 08:39:59 +07:00
Robbie Averill
79e44b42fa Merge branch '4.1' into 4.2 2019-02-19 08:37:07 +07:00
Robbie Averill
cb7f15a681 Merge branch '4.0' into 4.1 2019-02-19 08:36:41 +07:00
Aaron Carlino
a481d004ec Added 3.7.3 changelog 2019-02-19 08:36:17 +07:00
Aaron Carlino
4eeec52b09 Added 3.6.7 changelog 2019-02-19 08:35:57 +07:00
Aaron Carlino
0758cd8416 Added 4.2.4 changelog 2019-02-19 13:43:45 +13:00
Aaron Carlino
09c539e1c3 Merge branch '4.3' into 4 2019-02-19 12:21:24 +13:00