Patch releases 3.4.6 and 3.5.4 have been released. In addition, 3.6.0 has been released, and introduces support for PHP 7.
These releases include some low-severity security fixes. These include:
- [ss-2017-002] Member disclosure in login form
- [ss-2017-003] XSS in redirector page
- [ss-2017-004] XSS in page history comparison
Releases notes for each of the above can be found at:
As this is the first release in the 3.6 minor version branch, this also marks the end of life of 3.4 and below. Users are advised to upgrade to at least 3.5.4.
To get setup, you can install this using composer (as below):
composer create-project silverstripe/installer ./ss35 3.6.0
You can also download pre-built zip / tar from http://www.silverstripe.org/download.
Damian Mooyman | Senior Platform Developer