This document contains information for an outdated version and may not be maintained any more. If some of your projects still use this version, consider upgrading as soon as possible.
- Security: Cross-site scripting on text transformations in templates
- Security: Cross-site scripting (XSS) related to page titles in the CMS
Upgrading Notes ##
- 2012-01-31 15e9e05 Casting return values on text helper methods in StringField, Text, Varchar (Ingo Schommer)
- 2009-05-26 acf9e01 Don't break CMS tree if HTML gets into MenuTitle (Sam Minnee)
- 2012-01-31 475e077 SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages (Ingo Schommer)