High Severity Security Issue (CVE-2019-5715)

SilverStripe has recently become aware of a security vulnerability affecting the majority of SilverStripe sites on 3.x and 4.x release lines.

In certain circumstances, this vulnerability could expose database content such as draft content or user details. We have found no evidence in our own hosting environments that this vulnerability has been exploited or that any data has been exposed. This vulnerability is relatively difficult to discover and was not identified in regular internal code reviews, external code reviews, or penetration tests.

Updated releases for all supported minor releases in SilverStripe 3.x and 4.x were made available earlier today (3.6.7, 3.7.3, 4.0.7, 4.1.5, 4.2.4, 4.3.1). If you are using SilverStripe, it is highly recommended that you plan for an upgrade as soon as possible to ensure your sites remain secure.

SilverStripe 3.x is supported until September 2020, and this vulnerability does not force you to upgrade to SilverStripe 4.x. Websites which are already on SilverStripe 4.x are less impacted by this vulnerability, due to general improvements to the security foundations on this newer codebase. While this might be a good opportunity to review the case for a SilverStripe 4.x upgrade, it’s more important to keep your site secure in the short term.

Read the full security release announcement for technical details. 

To receive future pre-disclosure communications, please subscribe to our pre-disclosure mailing list.

About the author
Matt Neumann

Matt is a Service Delivery professional with over ten years' experience, both from the vendor's perspective and from within government and financial services organisations across New Zealand and Australia.

Outside work, he enjoys immersing himself in Wellington's emerging Craft Beer scene and is also an accomplished home (micro) brewer.
