SilverStripe 3.0.4
17 February 2013
SilverStripe version 3.0.4 is now available.
Upgrading to SilverStripe 3.0.4
SilverStripe 3.0.4 can be installed, or an existing installation upgraded to it, using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply SilverStripe updates as new versions are released, or use Installatron's Clone feature to duplicate an existing SilverStripe install to test the 3.0.4 upgrade prior to applying it live. Get started managing your SilverStripe installations with Installatron.
What's New in SilverStripe 3.0.4
3.0.4 provides these security fixes and minor enhancements:
- Security: Undefined or empty $allowed_actions overrides parent definitions (Severity: Important)
- Security: Information leakage through web access on YAML configuration files (Severity: Moderate)
- Security: Information leakage through web access on composer files (Severity: Low)
- Security: Require ADMIN permissions for ?showtemplate=1 (Severity: Low)
- Security: Reflected XSS in custom date/time formats in admin/security (Severity: Low)
- Security: Stored XSS in the "New Group" dialog (Severity: Low)
- Security: Reflected XSS in CMS status messages (Severity: Low)
- API: More restrictive $allowed_actions checks for Controller when used with Extension
- Changed dev/tests/setdb and dev/tests/startsession from session to cookie storage.