@alanhartless alanhartless released this Jul 25, 2018 · 1528 commits to staging since this release

Assets 4

Change Log

Security

  • Prevented updating custom fields that were not set as publicly updateable
  • Fixed theme's Author URL XSS vulnerability (Reported by @joanbono)
  • Fixed company name XSS vulnerability (Reported by @joanbono)

Features

Enhancements

Bugs

Dev Notes

A big thank you to the following community members for contributing to this release either by code or bug report: @alanhartless, @Dcoutelle, @dongilbert, @Dreiser, @Enc3phale, @enguerr, @escopecz, @GaberNeighbor, @GabriGreese, @guillaumedufour, @hammad-tfg, @heathdutton, @isleshocky77, @johbuch, @jonasstinkens, @justinfortes, @kuzmany, @luizeof, @Maxell92, @maxlawton, @Mazzim, @mtahiue, @Noa83, @npracht, @panchtatvam, @r-martins, @rc125, @sarahwernik, @scottshipman, @snoek8, @stoneddesigner, @tadinski, @Woeler, @yrammos

SHA1 for 2.14.0.zip = 1a926d8d3752c85bc3cc2543625d8762e44ca206
SHA1 for 2.14.0-update.zip = faab69da1ad5303523450195838e0ef126104832