Changelog for silverstripe-2-2.4.13-1.1.noarch.rpm :
Fri Dec 13 13:00:00 2013 jweberhoferAATTweberhofer.at
- Upgraded to version 2.4.13

* Security: XSS in form validation errors (SS-2013-008)

* Security: XSS in CMS "Pages" section (SS-2013-009)

* API: Form validation messages no longer allow HTML
- Version 2.4.12

* Disallow permissions assign for APPLY_ROLES (SS-2013-005) (Ingo Schommer)

* Privilege escalation through Group and Member CSV upload (SS-2013-004)
(Ingo Schommer)

* Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
(Ingo Schommer)

* Privilege escalation through Group hierarchy setting (SS-2013-003)
(Ingo Schommer)
- Version 2.4.11

* Constants magic_quotes needs function from Core (Hamish Friedlander)

* Token redirect where in IIS a / needs adding between host & url
(Hamish Friedlander)

* Flush on memory exhaustion and headers sent (Hamish Friedlander)

* Fixed escaping of date in view of archived site. (Sam Minnee)

* Nice errors and allows flush on module removal (Hamish Friedlander)

* Only suppress fatal errors (Hamish Friedlander)

* Fixed TempPath inclusion for phpunit & cli-script (Sam Minnee)

* Actually use argument in getTempFolder (Hamish Friedlander)

* Ignore invalid tokens instead of throwing 403 (Hamish Friedlander)

* Have ParameterConfirmationToken includes work regardless of include
path (Hamish Friedlander)

* Prevent DOS by checking for env and admin on ?flush=1 (#1692)
(Hamish Friedlander)

* SQL Injection in CsvBulkLoader (fixes #6227) (Stephen Shkardoon)

* Transaction stub methods for better cross 2.x and 3.x compat
(Ingo Schommer)

Sun May 19 14:00:00 2013 jweberhoferAATTweberhofer.at
- Renamed package to silverstripe-2
- Administration of instances can now be made using silverstripe-2-admin
- Moved source location to /usr/share/silverstripe-2, please update your
configs
- Moved file to control instances to /etc/silverstripe-2-instances

Sun May 19 14:00:00 2013 jweberhoferAATTweberhofer.at
- Version 2.4.10

* Filter composer files in IIS and Apache rules (fixes #8011)

* Require ADMIN for ?showtemplate=1

* Escape page titles in CommentAdmin table listing

* Undefined $allowed_actions overrides parent definitions, stricter handling
of $allowed_actions on Extension

* Keep Member.PasswordEncryption setting on empty passwords
- Version 2.4.9

* ed travis.yml paths

* Consistently use FormResponse in CMS JavaScript (fixes #8036)

* ed bootstrap.php path in phpunit.xml.dist

* Support for composer-created themes dir structure

* More graceful handling of missing GET data in ModelAdmin

* Relaxed composer version requirements so that stable releases can be created.

* Exclude vendor/ folder from default phpunit run

* Added README with build status

* Added travis support

* Removed .mergesources.yml, not used since the dark SVN days

* Removed custom repo sources from composer.json

* Added composer.json
- Version 2.4.8

* silverstripe_version file now contains the plain version number, rather
than an SVN path

* Ensure that forceSSL and protocol detection respects the X-Forwarded-Protocol header.

* prevent unintended results from getComponentsQuery(...)

* fixing an edge-case bug where a 404-page would get statically published and
overwrite the homepage of the site

* Don't set 'Referer' header in FunctionalTest->get()/post() if it's
explicitly passed to the method

* fixed array to string conversion to avoid PHP 5.4 warnings

* Fixed phpunit bootstrap relative path

* Manually testing exceptions in SSViewerCacheBlockTest to avoid PHPUnit 3.6 warnings

* Corrected Geoip entries for ex-Yugoslavia ... better late than never

* Backported bootstrap.php changes from master and custom TeamCity configuration

* On PHPUnit 3.6, show the output of tests.

* Amended PHPUnit execution to work with PHPUnit 3.6

* Fixed grammatical error for Form.FIELDISREQUIRED

* Update widget documentation

* SECURITY Fixed remote code execution vuln in install.php due to inserting
unescaped user data into mysite/_config.php. Not critical because
install.php is required to be removed on a SilverStripe installation anyway

* SECURITY More solid relative/site URL checks

* SECURITY: Ensure javascript content type is sent in form responses. If
content type is html, and the javascript contains script tags within the
content, this content will be executed.

Fri Mar 2 13:00:00 2012 jweberhoferAATTweberhofer.at
- Version 2.4.7

* Security: Cross-site scripting (XSS) on text transformations in templates

* Security: Cross-site scripting (XSS) related to page titles in the CMS

* 2012-01-31 0085876 Casting return values on text helper methods in
StringField, Text, Varchar (Ingo Schommer)

* 2012-01-31 252e187 SECURITY Escape links for SilverStripeNavigatorItem
(Ingo Schommer)

* 2012-01-31 5fe7091 SECURITY Sanitize messages passed to generated JS calls
in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully
published ' messages (Ingo Schommer)

* 2011-09-24 d0af084 Fixes tag syntax (should end with %>, not >%) (simonwelsh)

* 2011-06-09 aa74811 CZ translation for tinymce_ssbuttons plugin (Ladislav Kubes)

Wed Nov 30 13:00:00 2011 jweberhoferAATTweberhofer.at
- Removed .orig file(s)
- Removed google-sitemaps

Tue Nov 8 13:00:00 2011 jweberhoferAATTweberhofer.at
- Upgraded to silverstripe 2.4.6

Fri May 20 14:00:00 2011 opendevelAATTweberhofer.at
- fixed a bug as described in http://open.silverstripe.org/ticket/6639

Wed May 4 14:00:00 2011 opendevelAATTweberhofer.at
- Added patch from http://open.silverstripe.org/attachment/ticket/5547
to enable file-upload when open_basedir restriction has been set
- fixed makealias.sh

Mon May 2 14:00:00 2011 opendevelAATTweberhofer.at
- Initial release of silverstripe 2.4.5 RPM version


 