This document contains information about a future release and not the current stable version (4). Be aware that information on this page may change and API's may not be stable for production use.

2.3.13 (2012-02-01)


  • Security: Cross-site scripting on text transformations in templates
  • Security: Cross-site scripting (XSS) related to page titles in the CMS

Upgrading Notes

See 2.4.7.



  • 2012-01-31 15e9e05 Casting return values on text helper methods in StringField, Text, Varchar (Ingo Schommer)
  • 2009-05-26 acf9e01 Don't break CMS tree if HTML gets into MenuTitle (Sam Minnee)


  • 2012-01-31 475e077 SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published <page title>' messages (Ingo Schommer)

Was this article helpful?