Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Releases and Announcements /

Latest news about the SilverStripe software.

Moderators: martimiz, Sean, Ed, biapar, assertchris, Willr, Ingo, swaiba, Graves

SilverStripe 3.0.14 / 3.1.13 Security Releases


Go to End


1993 Views

Avatar
tractorcow

Community Member, 63 Posts

28 May 2015 at 7:42pm

SilverStripe 3.1.13 is now available, and all users of 3.1.12 or below are highly advised to upgrade as soon as possible.

This release contains several bugfixes, including several security issues related to hostname injection, as well as an unauthenticated vulnerability in ?flush or ?isDev query parameters.

SilverStripe 3.0.14 is also available and contains the same security fix for ?flush or ?isDev. Users of 3.0.13 are advised to upgrade to this version as soon as possible.

Release notes: http://docs.silverstripe.org/en/changelogs/3.1.13/
Download: http://www.silverstripe.org/software/download/
Announcement: https://groups.google.com/forum/#!topic/silverstripe-announce/FsbOYpcxGik