mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
8.3 KiB
8.3 KiB
4.3.6
Change Log
Security
- 2019-09-23 5af205993 Fix access escalation for CMS users with limited access through permission cache pollution (Serge Latyntcev) - See cve-2019-12617
- 2019-09-16 569237c0f Session fixation in "change password" form (Serge Latyntcev) - See cve-2019-12203
- 2019-08-20 f98a59de install.php warning does not account for public dir (Aaron Carlino) - See cve-2019-12204
- 2019-08-17 fddf889 Broken access control on files due to session grant (Aaron Carlino) - See cve-2019-14273
- 2019-05-21 73e0cc6 Fix incorrect access control vulnerability with unwritten files in protected folders (Robbie Averill) - See cve-2019-12245
Features and Enhancements
- 2019-09-18 1308911 Add task to remove/protect _versions folders (Aaron Carlino)
- 2019-06-16 06beff7 Allow export of injected GraphQL AST alongside HOC (#889) (Aaron Carlino)
Bugfixes
- 2019-09-23 aa7c05742 Don't force-add view button to readonly GridField (fixes #… (#9254) (Guy Marriott)
- 2019-09-23 190b2f284 run member CMS validator when editing via groups (fixes #9… (#9255) (Guy Marriott)
- 2019-09-23 efdb9cc71 run member CMS validator when editing via groups (fixes #9184) (Loz Calver)
- 2019-09-23 d85ff3bc4 Don't force-add view button to readonly GridField (fixes #9249) (Loz Calver)
- 2019-09-23 fc536fa Update Apache .htaccess for new access directives (Dylan Wagstaff)
- 2019-09-20 ea363fc Correctly process all non-insert form actions normally in the media dialog (#1005) (Damian Mooyman)
- 2019-09-10 591b88a9b Allow infinite loop when calling DataObject::writeComponent() recursively (Maxime Rainville)
- 2019-09-03 b0a6973 Remove Default DropzoneJS Timeout of 30s (#985) (Joe Harvey)
- 2019-08-29 77ba8391c Byte Order Marks (BOM) are now stripped when importing CSV files (Robbie Averill)
- 2019-08-28 73f43c6f4 Remove placeholder text on new group form (Maxime Rainville)
- 2019-08-26 314a906 Fix the jstree styles so that the selected states are more visible (bergice)
- 2019-08-23 5845ac6 Prevent breadcrumb item styles from bleeding into non-react (Maxime Rainville)
- 2019-08-23 94d6c80 enter to submit form not working on
Add new page
(bergice) - 2019-08-14 9889015 Display breadcrumb element from left to right (#925) (Guy Marriott)
- 2019-08-13 1c548cb jstree state when saving a page by retaining the open/closed state and selected node state. (bergice)
- 2019-08-09 a2e98dc Display breadcrumb element from left to right (Maxime Rainville)
- 2019-08-09 3d989a6ea Use content generated by DataColumns component for print and csv export (Guy Marriott)
- 2019-07-29 5c794dfcd Prevent setting session value when no session exists yet (Robbie Averill)
- 2019-07-25 40cd66852 Fixed issue where multiple relationship sort order columns would be lost in favor of only the last relationship column in the sort order (UndefinedOffset)
- 2019-07-17 ef25468 Inline toolbar placement now works in HTMLEditorFields with less than 6 rows (Robbie Averill)
- 2019-07-12 fcd7a1e63 core memory limit test (Serge Latyntcev)
- 2019-06-27 183371b Update CSS for sitetree new page columns to use new classna… (#899) (Guy Marriott)
- 2019-06-27 b9dcf070 Change sitetree new page column class naming to avoid conf… (#2449) (Guy Marriott)
- 2019-06-26 b01dc580e Protect against undefined index when using nullifyEmpty opt… (#9090) (Guy Marriott)
- 2019-06-25 c76d3a5db Protect against undefined index when using nullifyEmpty option (Robbie Averill)
- 2019-06-19 260c89fd5 Fix of delimiter not used bug (Mario Sommereder)
- 2019-06-19 4df7c21 Update CSS for sitetree new page columns to use new classname, fix item placement within (Mikaela Young)
- 2019-06-19 73f4e8c8 Change sitetree new page column class naming to avoid conflicts with bootstrap (Mikaela Young)
- 2019-06-13 562a8a5 Add FolderNameFilter class: folder names no longer allow dots, and are replaced with dashes (Robbie Averill)
- 2019-06-05 bcc55e2 Update modal designs to match design pattern library (Guy Marriott)
- 2019-04-12 7592db91 VirtualPage missing methods from target page (fixes #2408) (Loz Calver)