Version 4 end of life
This version of Silverstripe CMS will not recieve any additional bug fixes or documentation updates. Go to documentation for the most recent stable version.

4.4.4

Change log

Security

  • 2019-09-23 8b7063a8e Fix access escalation for CMS users with limited access through permission cache pollution (Serge Latyntcev) - See cve-2019-12617
  • 2019-09-16 eccfa9b10 Session fixation in "change password" form (Serge Latyntcev) - See cve-2019-12203
  • 2019-08-20 f98a59de install.php warning does not account for public dir (Aaron Carlino) - See cve-2019-12204
  • 2019-08-17 8c7a719 Broken access control on files due to session grant (Aaron Carlino) - See cve-2019-14273
  • 2019-05-21 73e0cc6 Fix incorrect access control vulnerability with unwritten files in protected folders (Robbie Averill) - See cve-2019-12245

Features and enhancements

  • 2019-09-18 1308911 Add task to remove/protect _versions folders (Aaron Carlino)

Bugfixes

  • 2019-09-24 3659f2888 Add 'legal empty attributes' to allow empty alt values on i… (#9257) (Guy Marriott)
  • 2019-09-23 0d27f32cc Add 'legal empty attributes' to allow empty alt values on imgs (Garion Herman)
  • 2019-09-23 fc536fa Update Apache .htaccess for new access directives (Dylan Wagstaff)
  • 2019-09-20 ea363fc Correctly process all non-insert form actions normally in the media dialog (#1005) (Damian Mooyman)
  • 2019-09-16 6a1c6ecec Fix administrators not being able to see files that are restricted to groups (bergice)
  • 2019-09-10 591b88a9b Allow infinite loop when calling DataObject::writeComponent() recursively (Maxime Rainville)
  • 2019-09-03 b0a6973 Remove Default DropzoneJS Timeout of 30s (#985) (Joe Harvey)
  • 2019-09-02 9f19a9b make the actions consistent on the grid field items to what they look like on pages (#242) (Andre Kiste)
  • 2019-08-29 194ec84 content block editing breaking when editing using IE11 by adding Event constructor polyfill (bergice)
  • 2019-08-29 77ba8391c Byte Order Marks (BOM) are now stripped when importing CSV files (Robbie Averill)
  • 2019-08-28 73f43c6f4 Remove placeholder text on new group form (Maxime Rainville)
  • 2019-08-27 2f8d847a1 make the grid field actions consistent to what they look like on pages (bergice)
  • 2019-08-26 d2a07b104 Remove error when exporting a column that is not displayed in a GridField (Will Rossiter)
  • 2019-08-26 314a906 Fix the jstree styles so that the selected states are more visible (bergice)
  • 2019-08-26 8b22e3b Update LegacyThumbnailMigrationHelper to carry on if it hits a fileID it can't parse (Maxime Rainville)
  • 2019-08-23 5845ac6 Prevent breadcrumb item styles from bleeding into non-react (Maxime Rainville)
  • 2019-08-23 94d6c80 enter to submit form not working on Add new page (bergice)
  • 2019-08-22 841c855 Ensure dataobjects are unpublished during the delete mutation (Guy Marriott)
  • 2019-08-22 4cb4d46 react-select clears input on search. Monkey patch, needs upgrade (Aaron Carlino)
  • 2019-08-18 ab4ccb8 Update LegacyFileIDHelper to understand pre-SS33 variant FileID (Maxime Rainville)
  • 2019-08-13 1c548cb jstree state when saving a page by retaining the open/closed state and selected node state. (bergice)
  • 2019-07-29 0abfed3e0 Skip md5-ing the whole contents of a stream for etags (Guy Marriott)
  • 2019-04-12 7592db91 VirtualPage missing methods from target page (fixes #2408) (Loz Calver)
Edit on Github