SilverStripe 4.11.0
28 June 2022
SilverStripe version 4.11.0 is now available (major release).
What's New in SilverStripe 4.11.0
Security
- CVE-2022-28803 - Stored XSS in link tags added via XHR Severity: Medium
- CVE-2022-25238 - Stored XSS via HTML fields Severity: Medium
- CVE-2021-41559 - Quadratic blowup in Convert::xml2array() Severity: Medium
- CVE-2022-24444 - Hybridsessions does not expire session id on logout Severity: Medium
- CVE-2022-29858 - Unpublished, protected files can be published via shortcode Severity: Medium
What's New
- Adding support for PHP 8.1: The Silverstripe CMS recipe now officially supports PHP 8.1.
- Dropping support for PHP 7.3: In accordance with our PHP support policy, Silverstripe CMS Recipe 4.11.0 drops support for PHP 7.3.
- GraphQL 4 major release: Silverstripe CMS Recipe 4.11.0 defaults to installing silverstripe/graphql version 4, which has just had a stable release. Previous releases installed version 3.
- Upload and use WebP images in the CMS
- Preview any DataObject in any admin section
- Meta generator tag now shows framework version number
- Allow-plugins configuration option in Composer versions 2.2.0 and up
- Users will recieve an email if their password is changed