This document contains information for an outdated version and may not be maintained any more. If some of your projects still use this version, consider upgrading as soon as possible.

2.3.13 (2012-02-01)


  • Security: Cross-site scripting on text transformations in templates
  • Security: Cross-site scripting (XSS) related to page titles in the CMS

Upgrading Notes

See 2.4.7.



  • 2012-01-31 15e9e05 Casting return values on text helper methods in StringField, Text, Varchar (Ingo Schommer)
  • 2009-05-26 acf9e01 Don't break CMS tree if HTML gets into MenuTitle (Sam Minnee)


  • 2012-01-31 475e077 SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages (Ingo Schommer)

Was this article helpful?