Skip to content
This repository
Browse code

Added 2.4.8-rc1 changelog

  • Loading branch information...
commit f365134375688fa06ab5642e9c950bd1ff901ea2 1 parent 1181ba0
Ingo Schommer authored October 16, 2012

Showing 1 changed file with 42 additions and 0 deletions. Show diff stats Hide diff stats

  1. 42  docs/en/changelogs/rc/2.4.8-rc1.md
42  docs/en/changelogs/rc/2.4.8-rc1.md
Source Rendered
... ...
@@ -0,0 +1,42 @@
  1
+# 2.4.8-rc1 #
  2
+
  3
+## Overview ##
  4
+
  5
+ * Security (Moderate Severity): More solid relative/site URL checks (related to "BackURL" redirection).
  6
+ * Security (Moderate Severity): Ensure javascript content type is sent in form responses. If content type is html, and the javascript contains script tags within the content, this content will be executed.
  7
+ * Security (Low Severity): Fixed remote code execution vuln in install.php due to inserting unescaped user data into mysite/_config.php. Not critical because install.php is required to be removed on a SilverStripe installation anyway
  8
+
  9
+## Details
  10
+
  11
+### API Changes
  12
+
  13
+ * 2012-02-01 [bf4476a](https://github.com/silverstripe/sapphire/commit/bf4476a) silverstripe_version file now contains the plain version number, rather than an SVN path (Ingo Schommer)
  14
+ * 2012-02-01 [4abe136](https://github.com/silverstripe/silverstripe-cms/commit/4abe136) silverstripe_version file now contains the plain version number, rather than an SVN path (Ingo Schommer)
  15
+
  16
+### Features and Enhancements
  17
+
  18
+ * 2012-02-03 [921bf9a](https://github.com/silverstripe/sapphire/commit/921bf9a) Ensure that forceSSL and protocol detection respects the X-Forwarded-Protocol header. (Sam Minnee)
  19
+
  20
+### Bugfixes
  21
+
  22
+ * 2012-09-14 [8ec6312](https://github.com/silverstripe/sapphire/commit/8ec6312) to prevent unintended results from getComponentsQuery(...) (stozze)
  23
+ * 2012-07-09 [838ac97](https://github.com/silverstripe/silverstripe-cms/commit/838ac97) fixing an edge-case bug where a 404-page would get statically published and overwrite the homepage of the site (this would sometimes happen when a RedirectorPage was set to an external URL and still referenced an internal page ID) (Julian Seidenberg)
  24
+ * 2012-05-04 [392543b](https://github.com/silverstripe/sapphire/commit/392543b) Don't' set 'Referer' header in FunctionalTest->get()/post() if its explicitly passed to the method (Ingo Schommer)
  25
+
  26
+### Minor changes
  27
+
  28
+ * 2012-08-15 [7669871](https://github.com/silverstripe/sapphire/commit/7669871) fixed array to string conversion to avoid PHP 5.4 warnings (Adam Skrzypulec)
  29
+ * 2012-05-29 [039a372](https://github.com/silverstripe/silverstripe-installer/commit/039a372) Fixed phpunit bootstrap relative path (Ingo Schommer)
  30
+ * 2012-05-14 [b211c38](https://github.com/silverstripe/sapphire/commit/b211c38) Manually testing exceptions in SSViewerCacheBlockTest to avoid PHPUnit 3.6 warnings (Ingo Schommer)
  31
+ * 2012-03-30 [c1d2cd1](https://github.com/silverstripe/sapphire/commit/c1d2cd1) Corrected Geoip entries for ex-Yugoslavia ... better late than never (Ingo Schommer)
  32
+ * 2012-03-14 [44b9d05](https://github.com/silverstripe/sapphire/commit/44b9d05) Backported bootstrap.php changes from master and cstom TeamCity configuration (required to run tests through phpunit binary) (Ingo Schommer)
  33
+ * 2011-12-17 [af22d07](https://github.com/silverstripe/sapphire/commit/af22d07) On PHPUnit 3.6, show the output of tests. (Sam Minnee)
  34
+ * 2011-11-08 [5956ad8](https://github.com/silverstripe/sapphire/commit/5956ad8) Amended PHPUnit execution to work with PHPUnit 3.6 (Sam Minnee)
  35
+
  36
+### Other
  37
+
  38
+ * 2012-10-05 [1c7b7d0](https://github.com/silverstripe/sapphire/commit/1c7b7d0) Fixed grammatical error for Form.FIELDISREQUIRED (Will Morgan)
  39
+ * 2012-08-08 [f6c69d5](https://github.com/silverstripe/sapphire/commit/f6c69d5) Update widget documentation (fixes #706) (Will Rossiter)
  40
+ * 2012-05-16 [b7c8737](https://github.com/silverstripe/silverstripe-installer/commit/b7c8737) SECURITY Fixed remote code execution vuln in install.php due to inserting unescaped user data into mysite/_config.php. Not critical because install.php is required to be removed on a SilverStripe installation anyway (fixes #7205) (Ingo Schommer)
  41
+ * 2012-05-04 [46064f8](https://github.com/silverstripe/sapphire/commit/46064f8) SECURITY More solid relative/site URL checks (related to "BackURL" redirection) (Ingo Schommer)
  42
+ * 2012-05-03 [9bf3ae9](https://github.com/silverstripe/sapphire/commit/9bf3ae9) SECURITY: Ensure javascript content type is sent in form responses. If content type is html, and the javascript contains script tags within the content, this content will be executed. (Andrew O'Neil)

0 notes on commit f365134

Please sign in to comment.
Something went wrong with that request. Please try again.