This document contains information about a future release and not the current stable version (4). Be aware that information on this page may change and API's may not be stable for production use.

2.3.7 (2010-03-18)



  • [rev:101229] Don't delete index.php after successful installation - in ContentController->deleteinstallfiles(). URL routing might rely on it without mod_rewrite.
  • [rev:101229] Require ADMIN permissions for ContentController->deleteinstallfiles() - together with retaining index.php this removed a vulnerability where unauthenticated users can disrupt mod_rewrite-less URL routing. (from r101227)
  • [rev:100744] Fixing Member_ProfileForm to validate for existing members via Member_Validator to avoid CMS users to switch to another existing user account by using their email address (from r100704) (from r100717)

Created with: ./sscreatechangelog --version 2.3.7 --branch branches/2.3 --stopbranch tags/2.3.6

Was this article helpful?