# 3.0.11-rc1 Minor security release ## Security * 2014-04-16 [9d74bc4](https://github.com/silverstripe/sapphire/commit/9d74bc4) Potential DoS exploit in TinyMCE - See [announcement SS-2014-009](http://www.silverstripe.org/ss-2014-009-potential-dos-exploit-in-tinymce/) * 2014-05-05 [9bfeffd](https://github.com/silverstripe/silverstripe-framework/commit/9bfeffd) Injection / Filesystem vulnerability in generatesecuretoken - See [announcement SS-2014-010](http://www.silverstripe.org/ss-2014-010-injection-filesystem-vulnerability-in-generatesecuretoken/) ### Bugfixes * 2013-06-20 [f2c4a62](https://github.com/silverstripe/sapphire/commit/f2c4a62) ConfirmedPasswordField used to expose existing hash (Hamish Friedlander) ## Changelog * [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.0.11-rc1) * [cms](https://github.com/silverstripe/silverstripe-cms/releases/tag/3.0.11-rc1) * [installer](https://github.com/silverstripe/silverstripe-installer/releases/tag/3.0.11-rc1)