# 4.4.4

<!--- Changes below this line will be automatically regenerated -->



## Change Log

### Security

 * 2019-09-23 [8b7063a8e](https://github.com/silverstripe/silverstripe-framework/commit/8b7063a8e2773e2bbec3cabf94ed86e11f607071) Fix access escalation for CMS users with limited access through permission cache pollution (Serge Latyntcev) - See [cve-2019-12617](https://www.silverstripe.org/download/security-releases/cve-2019-12617)
 * 2019-09-16 [eccfa9b10](https://github.com/silverstripe/silverstripe-framework/commit/eccfa9b10d246d741de2fa83d502339d45068983) Session fixation in "change password" form (Serge Latyntcev) - See [cve-2019-12203](https://www.silverstripe.org/download/security-releases/cve-2019-12203)
 * 2019-08-20 [f98a59de](https://github.com/silverstripe/silverstripe-cms/commit/f98a59deb58d3c9c739f5b32de16472f6ef4a69c) install.php warning does not account for public dir (Aaron Carlino) - See [cve-2019-12204](https://www.silverstripe.org/download/security-releases/cve-2019-12204)
 * 2019-08-17 [8c7a719](https://github.com/silverstripe/silverstripe-assets/commit/8c7a71992b038f65543a37097b88e6929c23ba8b) Broken access control on files due to session grant (Aaron Carlino) - See [cve-2019-14273](https://www.silverstripe.org/download/security-releases/cve-2019-14273)
 * 2019-05-21 [73e0cc6](https://github.com/silverstripe/silverstripe-assets/commit/73e0cc69dc499c24aa706af9eddd8a2db2ac93e0) Fix incorrect access control vulnerability with unwritten files in protected folders (Robbie Averill) - See [cve-2019-12245](https://www.silverstripe.org/download/security-releases/cve-2019-12245)

### Features and Enhancements

 * 2019-09-18 [1308911](https://github.com/silverstripe/silverstripe-assets/commit/13089110e7b3feea2196198fd3beda21244ceb20) Add task to remove/protect _versions folders (Aaron Carlino)

### Bugfixes

 * 2019-09-24 [3659f2888](https://github.com/silverstripe/silverstripe-framework/commit/3659f2888d9359f106f91afe46a2f605ed563233) Add 'legal empty attributes' to allow empty alt values on i… (#9257) (Guy Marriott)
 * 2019-09-23 [0d27f32cc](https://github.com/silverstripe/silverstripe-framework/commit/0d27f32cc9df8776879ff4142a14945c2cba2ad1) Add 'legal empty attributes' to allow empty alt values on imgs (Garion Herman)
 * 2019-09-23 [fc536fa](https://github.com/silverstripe/silverstripe-assets/commit/fc536faf2413683549d6b8e77400dc85e37b3a30) Update Apache .htaccess for new access directives (Dylan Wagstaff)
 * 2019-09-20 [ea363fc](https://github.com/silverstripe/silverstripe-asset-admin/commit/ea363fcabd9af8d7607bac9b431171b6b94583f1) Correctly process all non-insert form actions normally in the media dialog (#1005) (Damian Mooyman)
 * 2019-09-16 [6a1c6ecec](https://github.com/silverstripe/silverstripe-framework/commit/6a1c6ecec6e39ae1f66c9750d5136cf83faa6417) Fix administrators not being able to see files that are restricted to groups (bergice)
 * 2019-09-10 [591b88a9b](https://github.com/silverstripe/silverstripe-framework/commit/591b88a9bc05b40a7ce3604283b9b7cb684f88cc) Allow infinite loop when calling DataObject::writeComponent() recursively (Maxime Rainville)
 * 2019-09-03 [b0a6973](https://github.com/silverstripe/silverstripe-asset-admin/commit/b0a6973052e73652a9092e7ed9d5dd5d89e5dd42) Remove Default DropzoneJS Timeout of 30s (#985) (Joe Harvey)
 * 2019-09-02 [9f19a9b](https://github.com/silverstripe/silverstripe-versioned/commit/9f19a9b3c9999571d4c4db106dc8b8d95dc81cf8) make the actions consistent on the grid field items to what they look like on pages (#242) (Andre Kiste)
 * 2019-08-29 [194ec84](https://github.com/silverstripe/silverstripe-admin/commit/194ec84496bf5b31212461347170c489231c102f) content block editing breaking when editing using IE11 by adding Event constructor polyfill (bergice)
 * 2019-08-29 [77ba8391c](https://github.com/silverstripe/silverstripe-framework/commit/77ba8391c40278930873301d50ee3c1168da4cef) Byte Order Marks (BOM) are now stripped when importing CSV files (Robbie Averill)
 * 2019-08-28 [73f43c6f4](https://github.com/silverstripe/silverstripe-framework/commit/73f43c6f428dc92ee2c9a5f932c63ed8a04c8230) Remove placeholder text on new group form (Maxime Rainville)
 * 2019-08-27 [2f8d847a1](https://github.com/silverstripe/silverstripe-framework/commit/2f8d847a10fcef45a49e1d96d407b84b99221637) make the grid field actions consistent to what they look like on pages (bergice)
 * 2019-08-26 [d2a07b104](https://github.com/silverstripe/silverstripe-framework/commit/d2a07b10478ddc57d798e9c96f057973e6e4de68) Remove error when exporting a column that is not displayed in a GridField (Will Rossiter)
 * 2019-08-26 [314a906](https://github.com/silverstripe/silverstripe-admin/commit/314a9068e5a3a1a71dfc99021d6acec9b0ab5b77) Fix the jstree styles so that the selected states are more visible (bergice)
 * 2019-08-26 [8b22e3b](https://github.com/silverstripe/silverstripe-assets/commit/8b22e3b7802164a8a59f8bfa2e0417e3ff6bc7a2) Update LegacyThumbnailMigrationHelper to carry on if it hits a fileID it can't parse (Maxime Rainville)
 * 2019-08-23 [5845ac6](https://github.com/silverstripe/silverstripe-admin/commit/5845ac685851f8841af8d96ef6313a2cff153ba4) Prevent breadcrumb item styles from bleeding into non-react (Maxime Rainville)
 * 2019-08-23 [94d6c80](https://github.com/silverstripe/silverstripe-admin/commit/94d6c80780430acb4e9d8786a5080a800f777792) enter to submit form not working on `Add new page` (bergice)
 * 2019-08-22 [841c855](https://github.com/silverstripe/silverstripe-versioned/commit/841c8552b1c7cd7437d607aa51783a62f69a8c34) Ensure dataobjects are unpublished during the delete mutation (Guy Marriott)
 * 2019-08-22 [4cb4d46](https://github.com/silverstripe/silverstripe-admin/commit/4cb4d467c500f0098f54002599b96ad8e2d112bb) react-select clears input on search. Monkey patch, needs upgrade (Aaron Carlino)
 * 2019-08-18 [ab4ccb8](https://github.com/silverstripe/silverstripe-assets/commit/ab4ccb8d5311c6ef20640fa5d4bcbdc76c8eeede) Update LegacyFileIDHelper to understand pre-SS33 variant FileID (Maxime Rainville)
 * 2019-08-13 [1c548cb](https://github.com/silverstripe/silverstripe-admin/commit/1c548cb599563997687cd1062ff2a0985c43197e) jstree state when saving a page by retaining the open/closed state and selected node state. (bergice)
 * 2019-07-29 [0abfed3e0](https://github.com/silverstripe/silverstripe-framework/commit/0abfed3e06c62b1156073bdf068a1b0ac23d2505) Skip md5-ing the whole contents of a stream for etags (Guy Marriott)
 * 2019-04-12 [7592db91](https://github.com/silverstripe/silverstripe-cms/commit/7592db918f269db2fd5c33d9c1259df86f15e12b) VirtualPage missing methods from target page (fixes #2408) (Loz Calver)


<!--- Changes above this line will be automatically regenerated -->