Versions:

This document contains information for an outdated version and may not be maintained any more. If some of your projects still use this version, consider upgrading as soon as possible.

3.1.17

Change Log

Security

  • 2016-02-17 37059eb Hostname, IP and Protocol Spoofing through HTTP Headers (Ingo Schommer) - See ss-2016-003
  • 2016-02-17 5d2fc0d Block unauthenticated access to dev/build/defaults (Damian Mooyman) - See ss-2015-028
  • 2016-02-17 013524a Ensure Gridfield actions respect CSRF (Damian Mooyman) - See ss-2016-002

Bugfixes

  • 2016-02-16 644c807 Use correct formaction for doRollback exemption #1378 (Andrew Aitken-Fincham)
  • 2016-01-05 00544ff session_regenerate_id uses config system (Daniel Hensby)
  • 2016-01-05 4335d8e Members with no ID inherit logged in user permission (Daniel Hensby)
  • 2015-11-18 e9b833f ConfirmedPassword field correctly reports mismatching passwords (Christopher Darling)
  • 2015-11-05 f577ecb prevent use cache on browser back button (Igor Nadj)

Was this article helpful?