SilverStripe 2.4.1 Update

Posted by on 23 July 2010

We're pleased to announce 2.4.1, our first update to the 2.4 codebase. You can check a full list of changes in our changelog, but here are some highlights:

  • Fixed a bug where logged-in CMS authors were allowed to rename files with harmful extensions in the "Files & Images" section
  • Improved installer security by disallowing re-installation when a configuration file is already present.
  • The installer now sets up sites in "live mode" instead of "dev mode" by default, and no longer treats certain domains as "dev mode" by default. This fixes an issue where attackers were able to force a site into "dev mode" by spoofing the domain name on certain server configurations.
  • Fixed password encryption when saving members through the "Add Member" dialog in the "Security" admin. The saving process was disregarding password encryption and saving passwords as plaintext (the issue was introduced in 2.4.0).
  • Fixed potential information disclosure on misconfigured servers by disallowing direct execution of *.php files in "sapphire", "cms" and "mysite" folders. If PHP was configured to show errors on screen (development setting), attackers could find out server paths and other environment information.
  • Allow CMS authors to set their own localized date and time formats, independently from the defaults set through their interface language.
  • More usable date picker (jQuery UI) for date form fields (both in the CMS and in website forms)
  • Better URL "transliteration" of special characters like Umlauts or Macrons (Example URL in German: "Brötchen für alle!", URL in 2.4.0: "brtchen-fr-alle", URL in 2.4.1: "broetchen-fuer-alle")
  • Better batch editing of comments in the admin interface (e.g. marking multiple comments as "spam")
  • More sophisticated access control for decorators on page types (tri-state permissions checks: allow, deny, ignore).
  • Added a Latvian translation of the CMS interface (thanks Kristaps and Andris!)
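
The "dev mode" item above comes down to trusting the client-supplied Host header when deciding the environment. The sketch below is an added illustration, not SilverStripe code: the function names, the `DEV_HOSTS` list, the `environment_type` key and the sample requests are all hypothetical or constructed.

```php
<?php
// Added illustration, not SilverStripe source. Every name here is hypothetical.

// Hostnames treated as development machines (constructed sample values).
const DEV_HOSTS = ['localhost', 'dev.example.test'];

// Weak pattern: the mode is derived from the Host header, which the client
// chooses. A catch-all virtual host passes that header through unchanged.
function modeFromHostHeader(array $server): string
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    $host = preg_replace('/:\d+$/', '', $host); // drop an optional port
    return in_array($host, DEV_HOSTS, true) ? 'dev' : 'live';
}

// Corrected pattern: the mode comes only from server-side configuration and
// falls back to "live" when nothing valid is set. Request data is never read.
function modeFromConfig(array $config): string
{
    $mode = $config['environment_type'] ?? 'live';
    return in_array($mode, ['dev', 'test', 'live'], true) ? $mode : 'live';
}

// Log check: a development hostname arriving from a non-loopback address
// (assumes REMOTE_ADDR is the real peer, i.e. no reverse proxy in front).
function devHostFromRemotePeer(array $server): bool
{
    $loopback = in_array($server['REMOTE_ADDR'] ?? '', ['127.0.0.1', '::1'], true);
    return modeFromHostHeader($server) === 'dev' && !$loopback;
}

// Constructed requests; the second carries a Host header that does not
// match the site it was sent to.
$requests = [
    'normal visitor' => ['HTTP_HOST' => 'www.example.test', 'REMOTE_ADDR' => '203.0.113.7'],
    'mismatched Host' => ['HTTP_HOST' => 'localhost:80', 'REMOTE_ADDR' => '203.0.113.7'],
    'local developer' => ['HTTP_HOST' => 'localhost', 'REMOTE_ADDR' => '127.0.0.1'],
];
$config = []; // fresh install with nothing configured: the site stays live

foreach ($requests as $label => $server) {
    printf("%-16s header-derived=%-4s config-derived=%-4s flag=%s\n",
        $label, modeFromHostHeader($server), modeFromConfig($config),
        devHostFromRemotePeer($server) ? 'yes' : 'no');
}
```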

Mostly, however, 2.4.1 is a security release for vulnerabilities discovered recently and contains all enhancements and bugfixes since the 2.4.0 release. 

We'd also like to thank those in our community who took the time to submit bug reports and test SilverStripe!

You can download 2.4.1 here (please read our installation instructions and upgrade notes).

If you're still using the 2.3.x version of SilverStripe CMS, you can check out the 2.3.8 changelog here.

Comments

  • Hi all - thanks for your interest in the 2.4.1 update!

    zoopedia - if you have other issues remaining in 2.4.1, have you added these to open.silvestripe.org as bugs?

    banal & arda: glad to see your interest in transliteration; let us know if there's anything we can do to make our core product need less patching for your work.

    maciej: our release schedule is not tightly defined; whatever we have in place is advertised at open.silverstripe.org/roadmap and discussed in our silverstripe-dev list on Google Groups.

    mike: yes, that's fine. 2.4.0 is not needed as an intermediate upgrade; however, you would be best to review the upgrade *notes* for both 2.4.0 and 2.4.1.

    Posted by Sigurd, 4 years ago

  • Hi Guys

    Is it fine to upgrade directly from 2.3 to 2.4.1 or should I go to 2.4 first?

    Thanks
    Mike

    Posted by Mike Gane, 4 years ago

  • I welcome the MathSpamProtection Polish translation. 1 thing less to fix when I'm doing my SS installations.

    Posted by mangcing, 4 years ago

  • perfect work, thx for bugfixing!
    especially for the jquery datepicker

    Posted by m-phil, 4 years ago

  • Nice update :) We always patch updateurl.js because of Turkish characters. If transliteration works, we will not need to patch anymore. Also, the Calendar field update is nice.

    Posted by arda, 4 years ago

  • On a side note... Is there a release schedule for silverstripe or a timelined roadmap for tracking?

    Maciej

    Posted by Maciej, 4 years ago

  • Hi!

    Diffstat from 2.4.0 to 2.4.1 says:
    266 files changed, 7235 insertions(+), 3585 deletions(-)

    I welcome the MathSpamProtection Polish translation. 1 thing less to fix when I'm doing my SS installations.

    Thanks!

    Posted by Maciej, 4 years ago

  • Great stuff! Thanks a lot for the good work.
    I especially like the "transliteration" feature, that will save me (and my clients) some tedious URL renaming work :)

    Posted by banal, 4 years ago

  • Nice, the 2.4.0 was not so stable. I hope the new release is better, I will test it.

    Posted by zoopmedia, 4 years ago
