mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
e9d88dd8ee
Rebased on 3.1
21 lines
845 B
Markdown
21 lines
845 B
Markdown
# 2.3.13 (2012-02-01)
|
|
|
|
## Overview
|
|
|
|
* Security: Cross-site scripting on text transformations in templates
|
|
* Security: Cross-site scripting (XSS) related to page titles in the CMS
|
|
|
|
## Upgrading Notes ##
|
|
|
|
See [2.4.7](2.4.7).
|
|
|
|
## Changelog ##
|
|
|
|
### Bugfixes
|
|
|
|
* 2012-01-31 [15e9e05](https://github.com/silverstripe/sapphire/commit/15e9e05) Casting return values on text helper methods in StringField, Text, Varchar (Ingo Schommer)
|
|
* 2009-05-26 [acf9e01](https://github.com/silverstripe/sapphire/commit/acf9e01) Don't break CMS tree if HTML gets into MenuTitle (Sam Minnee)
|
|
|
|
### Other
|
|
|
|
* 2012-01-31 [475e077](https://github.com/silverstripe/sapphire/commit/475e077) SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages (Ingo Schommer) |