mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
18 lines
1.1 KiB
Markdown
18 lines
1.1 KiB
Markdown
# 3.6.6
|
|
|
|
This security release removes the following file extensions from the default whitelist of accepted types for
|
|
uploaded files: `dotm`, `potm`, `jar`, `css`, `js` and `xltm`.
|
|
|
|
If you require the ability to upload these file types in your projects, you will need to add them back in again.
|
|
For more information, see ["Limit the allowed file types"](https://docs.silverstripe.org/en/3/developer_guides/forms/field_types/uploadfield/#limit-the-allowed-filetypes).
|
|
|
|
<!--- Changes below this line will be automatically regenerated -->
|
|
|
|
## Change Log
|
|
|
|
### Security
|
|
|
|
* 2018-05-08 [19fdebfa2](https://github.com/silverstripe/silverstripe-framework/commit/19fdebfa2) Remove dotm, potm, jar, css, js, xltm from default File.allowed_extensions (Robbie Averill) - See [ss-2018-014](http://www.silverstripe.org/download/security-releases/ss-2018-014)
|
|
* 2018-04-11 [577138882](https://github.com/silverstripe/silverstripe-framework/commit/577138882) Restrict non-admins from being assigned to admin groups (Damian Mooyman) - See [ss-2018-001](http://www.silverstripe.org/download/security-releases/ss-2018-001)
|
|
|