silverstripe-framework/docs/en/changelogs/rc/3.0.11-rc1.md
2014-05-07 15:54:55 +12:00

20 lines
1.2 KiB
Markdown

# 3.0.11-rc1
Minor security release
## Security
* 2014-04-16 [9d74bc4](https://github.com/silverstripe/sapphire/commit/9d74bc4) Potential DoS exploit in TinyMCE - See [announcement SS-2014-009](http://www.silverstripe.org/ss-2014-009-potential-dos-exploit-in-tinymce/)
* 2014-05-05 [9bfeffd](https://github.com/silverstripe/silverstripe-framework/commit/9bfeffd) Injection / Filesystem vulnerability in generatesecuretoken - See [announcement SS-2014-010](http://www.silverstripe.org/ss-2014-010-injection-filesystem-vulnerability-in-generatesecuretoken/)
* 2014-05-07 [0099a18](https://github.com/silverstripe/silverstripe-framework/commit/0099a18) Folder filename injection - See [announcement SS-2014-011](http://www.silverstripe.org/ss-2014-011-folder-filename-injection/)
### Bugfixes
* 2013-06-20 [f2c4a62](https://github.com/silverstripe/sapphire/commit/f2c4a62) ConfirmedPasswordField used to expose existing hash (Hamish Friedlander)
## Changelog
* [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.0.11-rc1)
* [cms](https://github.com/silverstripe/silverstripe-cms/releases/tag/3.0.11-rc1)
* [installer](https://github.com/silverstripe/silverstripe-installer/releases/tag/3.0.11-rc1)