Versions:

This document contains information about a future release and not the current stable version (4). Be aware that information on this page may change and API's may not be stable for production use.

3.1.17

Change Log

Security

  • 2016-02-17 37059eb Hostname, IP and Protocol Spoofing through HTTP Headers (Ingo Schommer) - See ss-2016-003
  • 2016-02-17 5d2fc0d Block unauthenticated access to dev/build/defaults (Damian Mooyman) - See ss-2015-028
  • 2016-02-17 013524a Ensure Gridfield actions respect CSRF (Damian Mooyman) - See ss-2016-002

Bugfixes

  • 2016-02-16 644c807 Use correct formaction for doRollback exemption #1378 (Andrew Aitken-Fincham)
  • 2016-01-05 00544ff session_regenerate_id uses config system (Daniel Hensby)
  • 2016-01-05 4335d8e Members with no ID inherit logged in user permission (Daniel Hensby)
  • 2015-11-18 e9b833f ConfirmedPassword field correctly reports mismatching passwords (Christopher Darling)
  • 2015-11-05 f577ecb prevent use cache on browser back button (Igor Nadj)

Was this article helpful?