framework/docs/en/04_Changelogs/3.0.6.md 2.66 KB
0084d336   Administrator   Importers CRUD
  # 3.0.6
  
  ## Overview
  
   * Security: Require ADMIN for `?flush=1` (stop denial of service attacks)
   ([#1692](https://github.com/silverstripe/silverstripe-framework/issues/1692))
   * API: Disable discontinued Google Spellcheck in TinyMCE. Replaced by browser-based spellchecking if available (Chrome, Firefox)
  
  ## Details
  
  ### Security: Require ADMIN for ?flush=1 (SS-2013-001)
  
  See [announcement](http://www.silverstripe.org/ss-2013-001-require-admin-for-flush1/)
  
  ### Security: Privilege escalation through Group hierarchy setting (SS-2013-003)
  
  See [announcement](http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/)
  
  ### Security: Privilege escalation through Group and Member CSV upload (SS-2013-004)
  
  See [announcement](http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/)
  
  ### Security: Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
  
  See [announcement](http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/)
  
  ### Security: Information disclosure in Versioned.php (SS-2013-006)
  
  See [announcement](http://www.silverstripe.org/ss-2013-006-information-disclosure-in-versioned/)
  
  ## Upgrading
  
   * If you have created your own composite database fields, amend their `setValue()` method to accept
     an object (usually a DataObject) as well as an array.
   * If you have provided your own startup scripts (ones that include `core/Core.php`) that can be accessed via a web
     request, ensure that they limit use of the `flush` parameter (see SS-2013-001 above).
   * Translation entity namespaces can no longer contain dots, since dots conflict with the YAML format.
   * Translation entities defined in templates now use their fully qualified entity name without dots.
     Before: `BackLink_Button.ss.Back`, after `BackLink_Button_ss.Back`. Please fix any custom language
     files or uses of those entities in custom code.
   * If using "Māori/Te Reo" (mi_NZ) as your CMS locale, please re-select it in `admin/myprofile`
     to ensure correct operation (its locale identifier has changed).