4.5.1

Security patches

This release contains security patches

CVE-2019-1935 (CVSS 7.5)

Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data).

See cve-2019-19325

Change Log

Security

Features and Enhancements

  • 2020-01-14 63b24d7 Add new block icon set for open source use (Sacha Judd)

Bugfixes

  • 2020-02-16 b1576a8 ensure canView check is run on returned items (#8) (Steve Boyd)
  • 2020-02-13 62a68f4 Add back missing edit-write icon (Sacha Judd)
  • 2020-02-11 f7d09b1 Update core requirements to 4.5 series (Garion Herman)
  • 2020-02-10 bddb5ad Update core requirement to 4.5 series (Garion Herman)
  • 2020-02-10 62de5181 Update core requirements to 4.5 series (Garion Herman)
  • 2020-02-10 7436e11d Update core requirements to 4.5 series (Garion Herman)
  • 2020-02-10 2742d74 Update CMS requirement to 4.5 series (Garion Herman)
  • 2020-02-10 664e6c99 Update core requirements to 4.5 series (Garion Herman)
  • 2020-02-10 ad5858a Update core requirements to 4.5 series (Garion Herman)
  • 2020-02-10 5053663 Update core requirements to 4.5 series (Garion Herman)
  • 2020-02-10 93d1acc Update framework requirement to 4.5 series (Garion Herman)
  • 2020-02-05 5dec950 do not render ImageSizePresentList react component for remote files (Steve Boyd)
  • 2020-02-04 ca36a47bb Update ORM DBField types to use Injector in scaffoldFormField() (mnuguid)
  • 2020-01-23 9750538a Update URLSegment field on enter key, rather than saving page (Garion Herman)
  • 2020-01-23 aa31b3d Adjust diff styling to improve accessibility (Garion Herman)
  • 2020-01-23 dd8c2ce temp images not being deleted if error is thrown (bergice)
  • 2020-01-23 76f1abc Changed revert button title when revert is possible. (bergice)
  • 2020-01-22 82a76b93 Fix alert showing for unrelated elements (bergice)
  • 2020-01-07 089053b Make discard confirmations show up when navigating away from editing files (bergice)
  • 2019-12-16 8edf14d VersionedFilesMigrator auto-generated .htaccess directives (Serge Latyntcev)
  • 2019-12-15 fbc37fb Default WasDraft to true when migrating versioned DataObject (#240) (Maxime Rainville)
  • 2019-12-11 e229a98 Fixes #352 with guard for Folder query result (Russell Michell)
  • 2019-12-09 be5234d Reference the correct filters for endswith and startswith (Maxime Rainville)
  • 2019-11-26 04c377f Fix phpcs install, phpunit name (Serge Latyntcev)
  • 2019-11-24 f78b7a5 Update build script to copy images to dist folder (Maxime Rainville)
  • 2019-11-22 af55826 Fix missing dist images (Damian Mooyman)
  • 2019-11-15 64654ec Retrieve file by filename (Maxime Rainville)
  • 2019-11-14 4372544 Fix linting issue in VersionedFilesMigrationTask and VersionedFilesMigrator (Maxime Rainville)
  • 2019-11-04 d32b280 Resolve issue where dev/build does not refresh static content (Damian Mooyman)