Versions:

This document contains information for an outdated version and may not be maintained any more. If some of your projects still use this version, consider upgrading as soon as possible.

3.0.14

Overview

This release includes a fix for flush or isDev querystring parameters to be set via unauthenticated requests, as well as some other minor security fixes.

Security

  • 2015-05-22 cb6717c Fix handling of empty parameter token (Damian Mooyman) - See [ss-2015-014](http://www.silverstripe.org/download/security-releases/ss-2015-014)
  • 2015-05-25 c14e7f6 Fix malformed urls redirecting to external sites (Damian Mooyman) - See [ss-2015-012](http://www.silverstripe.org/software/download/security-releases/ss-2015-012)
  • 2015-05-22 5f6ac27 Bug fix sqlquery select (Damian Mooyman) - See [ss-2015-011](http://www.silverstripe.org/software/download/security-releases/ss-2015-011)

Was this article helpful?