Security Releases

When potential security holes are discovered in SilverStripe CMS, we produce security releases to ensure that you are able to promptly secure your SilverStripe websites. In addition to being available on the Stable Download page and announced on the Release Announcements Google Group, the security releases will be posted here.

31 January 2012

18 October 2011

21 December 2010

  • SilverStripe v2.4.4 - SQL information disclosure, SQL injection in Translatable extension, Cross Site Request Forgery in various CMS interfaces, XSS in controller action handling (details)
  • SilverStripe v2.3.10 - SQL injection in Translatable extension, Cross Site Request Forgery in various CMS interfaces, XSS in controller action handling (details)

11 November 2010

  • SilverStripe v2.4.3 - Cross Site Request Forgery in various CMS interfaces and page comments, increased file extension upload security through whitelisting (details)
  • SilverStripe v2.3.9 - Cross Site Request Forgery in various CMS interfaces and page comments (details)

22 September 2010

23 July 2010

  • SilverStripe v2.4.1 - File extension checks, installer security, information disclosure through PHP file execution, passwords not encrypted in certain UI actions (details)
  • SilverStripe v2.3.8 - File extension checks, information disclosure through PHP file execution (details)

18 March 2010

  • SilverStripe v2.3.7 - Privilege escalation exploit, unauthenticated remote removal of index.php under certain conditions

8 February 2010

21 January 2010

8 July 2009

20 March 2009
