SilverStripe 4.11.0

28 June 2022

SilverStripe version 4.11.0 is now available (major release).

What's New in SilverStripe 4.11.0

• CVE-2022-28803 - Stored XSS in link tags added via XHR Severity: Medium
  
• CVE-2022-25238 - Stored XSS via HTML fields Severity: Medium
  
• CVE-2021-41559 - Quadratic blowup in Convert::xml2array() Severity: Medium
  
• CVE-2022-24444 - Hybridsessions does not expire session id on logout Severity: Medium
  
• CVE-2022-29858 - Unpublished, protected files can be published via shortcode Severity: Medium
  

• Adding support for PHP 8.1: The Silverstripe CMS recipe now officially supports PHP 8.1.
  
• Dropping support for PHP 7.3: In accordance with our PHP support policy, Silverstripe CMS Recipe 4.11.0 drops support for PHP 7.3.
  
• GraphQL 4 major release: Silverstripe CMS Recipe 4.11.0 defaults to installing silverstripe/graphql version 4, which has just had a stable release. Previous releases installed version 3.
  
• Upload and use WebP images in the CMS
  
• Preview any DataObject in any admin section
  
• Meta generator tag now shows framework version number
  
• Allow-plugins configuration option in Composer versions 2.2.0 and up
  
• Users will recieve an email if their password is changed