mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
58 lines
6.8 KiB
Markdown
58 lines
6.8 KiB
Markdown
# 4.5.1
|
|
|
|
## Security patches
|
|
|
|
This release contains security patches
|
|
|
|
### CVE-2019-1935 (CVSS 7.5)
|
|
|
|
Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data).
|
|
|
|
See [cve-2019-19325](https://www.silverstripe.org/download/security-releases/cve-2019-19325)
|
|
|
|
<!--- Changes below this line will be automatically regenerated -->
|
|
|
|
## Change Log
|
|
|
|
### Security
|
|
|
|
* 2020-02-12 [d515e5e](https://github.com/silverstripe/silverstripe-admin/commit/d515e5eced1787d99d4ca1520e01513c2031a627) XSS through non-scalar FormField attributes (Serge Latyntcev) - See [cve-2019-19325](https://www.silverstripe.org/download/security-releases/cve-2019-19325)
|
|
* 2020-02-03 [ad1b00ec7](https://github.com/silverstripe/silverstripe-framework/commit/ad1b00ec7dc1589a05bfc7f5f8207489797ef714) XSS through non-scalar FormField attributes (Serge Latyntcev) - See [cve-2019-19325](https://www.silverstripe.org/download/security-releases/cve-2019-19325)
|
|
|
|
### Features and Enhancements
|
|
|
|
* 2020-01-14 [63b24d7](https://github.com/silverstripe/silverstripe-admin/commit/63b24d785cd5e8e53d78bae603f0d5fda9af6d74) Add new block icon set for open source use (Sacha Judd)
|
|
|
|
### Bugfixes
|
|
|
|
* 2020-02-16 [b1576a8](https://github.com/silverstripe/silverstripe-graphql/commit/b1576a820109e7840093620b52c6a0fcaa597e7f) ensure canView check is run on returned items (#8) (Steve Boyd)
|
|
* 2020-02-13 [62a68f4](https://github.com/silverstripe/silverstripe-admin/commit/62a68f480f5383f092155d450fd9279d27694e9c) Add back missing edit-write icon (Sacha Judd)
|
|
* 2020-02-11 [f7d09b1](https://github.com/silverstripe/silverstripe-versioned-admin/commit/f7d09b1704ce6f27b9d8a4b125e000a29299bfa5) Update core requirements to 4.5 series (Garion Herman)
|
|
* 2020-02-10 [bddb5ad](https://github.com/silverstripe/silverstripe-versioned/commit/bddb5ad97c15034d2fecf120048aecea69404a3d) Update core requirement to 4.5 series (Garion Herman)
|
|
* 2020-02-10 [62de5181](https://github.com/silverstripe/silverstripe-siteconfig/commit/62de51815cd2d9142974bfd4d0761ac45847b3c2) Update core requirements to 4.5 series (Garion Herman)
|
|
* 2020-02-10 [7436e11d](https://github.com/silverstripe/silverstripe-reports/commit/7436e11d4fb8c057b5fbe6cf482b35ac4a9443b8) Update core requirements to 4.5 series (Garion Herman)
|
|
* 2020-02-10 [2742d74](https://github.com/silverstripe/silverstripe-errorpage/commit/2742d74b42e4b77775b63fbb0771924576bed09a) Update CMS requirement to 4.5 series (Garion Herman)
|
|
* 2020-02-10 [664e6c99](https://github.com/silverstripe/silverstripe-cms/commit/664e6c99c0c0ac2733245024e461f2454c07ad05) Update core requirements to 4.5 series (Garion Herman)
|
|
* 2020-02-10 [ad5858a](https://github.com/silverstripe/silverstripe-campaign-admin/commit/ad5858ae28a8a7f25423b22990d561a6c7dac9e3) Update core requirements to 4.5 series (Garion Herman)
|
|
* 2020-02-10 [5053663](https://github.com/silverstripe/silverstripe-asset-admin/commit/50536635359c1fb3d2da06ed558fe07d25757dac) Update core requirements to 4.5 series (Garion Herman)
|
|
* 2020-02-10 [93d1acc](https://github.com/silverstripe/silverstripe-assets/commit/93d1acc4d53edb2affcb1d318edb721a6e307f66) Update framework requirement to 4.5 series (Garion Herman)
|
|
* 2020-02-05 [5dec950](https://github.com/silverstripe/silverstripe-asset-admin/commit/5dec9505f415f6396c9437a625ae2872e89c8cdd) do not render ImageSizePresentList react component for remote files (Steve Boyd)
|
|
* 2020-02-04 [ca36a47bb](https://github.com/silverstripe/silverstripe-framework/commit/ca36a47bb1de577ae8bc2a81ac20eb5f804fc7e1) Update ORM DBField types to use Injector in scaffoldFormField() (mnuguid)
|
|
* 2020-01-23 [9750538a](https://github.com/silverstripe/silverstripe-cms/commit/9750538a5a4b65464d43e673403128c34bbbaabe) Update URLSegment field on enter key, rather than saving page (Garion Herman)
|
|
* 2020-01-23 [aa31b3d](https://github.com/silverstripe/silverstripe-versioned-admin/commit/aa31b3debbe6e98f9e54fc4fc646eb3df63931d4) Adjust diff styling to improve accessibility (Garion Herman)
|
|
* 2020-01-23 [dd8c2ce](https://github.com/silverstripe/silverstripe-assets/commit/dd8c2ce3ca8c6069fbd4ad6fcad156d5f9b150bd) temp images not being deleted if error is thrown (bergice)
|
|
* 2020-01-23 [76f1abc](https://github.com/silverstripe/silverstripe-versioned-admin/commit/76f1abc43900d14751a86d7faf57f0ca7f05fde8) Changed revert button title when revert is possible. (bergice)
|
|
* 2020-01-22 [82a76b93](https://github.com/silverstripe/silverstripe-cms/commit/82a76b9300d33e388684160ac6255cb36ab4cd75) Fix alert showing for unrelated elements (bergice)
|
|
* 2020-01-07 [089053b](https://github.com/silverstripe/silverstripe-admin/commit/089053b42d5561720bdb08203371db1c94cadcf9) Make discard confirmations show up when navigating away from editing files (bergice)
|
|
* 2019-12-16 [8edf14d](https://github.com/silverstripe/silverstripe-assets/commit/8edf14dee8deacd2a0bd013344dd26089e8e8b36) VersionedFilesMigrator auto-generated .htaccess directives (Serge Latyntcev)
|
|
* 2019-12-15 [fbc37fb](https://github.com/silverstripe/silverstripe-versioned/commit/fbc37fb6e74b90b72c7313fc428beec81b9ee4de) Default WasDraft to true when migrating versioned DataObject (#240) (Maxime Rainville)
|
|
* 2019-12-11 [e229a98](https://github.com/silverstripe/silverstripe-assets/commit/e229a98e8e0d2554d7b6ab8408d10cbd54db12c0) Fixes #352 with guard for Folder query result (Russell Michell)
|
|
* 2019-12-09 [be5234d](https://github.com/silverstripe/silverstripe-graphql/commit/be5234d089e0835c5d18248dee4ba53f09d539dc) Reference the correct filters for endswith and startswith (Maxime Rainville)
|
|
* 2019-11-26 [04c377f](https://github.com/silverstripe/silverstripe-errorpage/commit/04c377f33371b1ec7c8b4e28da7bb766294d62cf) Fix phpcs install, phpunit name (Serge Latyntcev)
|
|
* 2019-11-24 [f78b7a5](https://github.com/silverstripe/silverstripe-asset-admin/commit/f78b7a5e1eca2a13caf4b53085a4f8c9a9dd33fa) Update build script to copy images to dist folder (Maxime Rainville)
|
|
* 2019-11-22 [af55826](https://github.com/silverstripe/silverstripe-asset-admin/commit/af558265416a1d98648d98341f2236ef05124d3b) Fix missing dist images (Damian Mooyman)
|
|
* 2019-11-15 [64654ec](https://github.com/silverstripe/silverstripe-assets/commit/64654ec9f606a96ee02b50606c8f3a5656904efa) Retrieve file by filename (Maxime Rainville)
|
|
* 2019-11-14 [4372544](https://github.com/silverstripe/silverstripe-assets/commit/43725448768422448fe96be842ed5c754a654693) Fix linting issue in VersionedFilesMigrationTask and VersionedFilesMigrator (Maxime Rainville)
|
|
* 2019-11-04 [d32b280](https://github.com/silverstripe/silverstripe-errorpage/commit/d32b28011c85fe509919cac72a4b314466dc99ae) Resolve issue where dev/build does not refresh static content (Damian Mooyman)
|
|
<!--- Changes above this line will be automatically regenerated -->
|