Versions:

3.1.17

Change Log

Security

  • 2016-02-17 37059eb Hostname, IP and Protocol Spoofing through HTTP Headers (Ingo Schommer) - See ss-2016-003
  • 2016-02-17 5d2fc0d Block unauthenticated access to dev/build/defaults (Damian Mooyman) - See ss-2015-028
  • 2016-02-17 013524a Ensure Gridfield actions respect CSRF (Damian Mooyman) - See ss-2016-002

Bugfixes

  • 2016-02-16 644c807 Use correct formaction for doRollback exemption #1378 (Andrew Aitken-Fincham)
  • 2016-01-05 00544ff session_regenerate_id uses config system (Daniel Hensby)
  • 2016-01-05 4335d8e Members with no ID inherit logged in user permission (Daniel Hensby)
  • 2015-11-18 e9b833f ConfirmedPassword field correctly reports mismatching passwords (Christopher Darling)
  • 2015-11-05 f577ecb prevent use cache on browser back button (Igor Nadj)

Was this article helpful?