SilverStripe 2.2.3 released - recommend hot fix

by: Sam

31 Oct 2008

8 Comments

Tags: ,

Previous post

Next post

We have a new release of SilverStripe available: 2.2.3

IMPORTANT NOTE

This release of SilverStripe fixes an issue that came to the attention of the SilverStripe development team earlier today.  It could potentially let malicious users bypass the CMS security. For this reason, we strongly recommend that you upgrade all of your sites.

If you would like to apply this fix manually, the relevant patch is available here:

http://open.silverstripe.com/changeset/64988/
http://open.silverstripe.com/changeset/64988/?format=diff&new=64988

Thanks,
Sam

Post your comment

Comments for this post are now closed.

Comments

RSS

Just downloaded this version 2.2.3 and ran the online new install. Keep getting the error.....

Fatal error: Class 'Form' not found in /......./sapphire/security/Member.php on line 1054.

Tried running the install.php from both Firefox and IE with same Fatal Error.

Cannot continue. Any solutions available?

21 Nov 2008 by: Mauricio Vas - Ulysses Solutions Limited

What, no publicity about this release, not I feel like a lucky stumbler who has got something before everyone else.

11 Nov 2008 by: reuben

Is this security fix also important for 2.2.2 user?

And if, is there someway to copy code without the line nr?
And with what do I open the .diff file.

Sorry for maybe stupid questions but I am really a newbie.
J

6 Nov 2008 by: Joakim

Homepage has been updated.

@matt, please subscribe to official SilverStripe release announcements email at http://groups.google.com/group/silverstripe-announce to learn of new releases :)

4 Nov 2008 by: Sigurd Magnusson

I see it on the download page, and it was announced on silverstripe-announce

4 Nov 2008 by: Simon Welsh

How come this isn't on the download page - and how come it wasn't announced on any of the mailing lists?

4 Nov 2008 by: Matt Hardwick

1 small update about i18n. I'll pass for 2.3 or further versions. Without well worked i18n it's useless for me =( But anyway thanks for security updates.

31 Oct 2008 by: Aleksandr Sugard

Hi Sam!

Maybe some users would be happy about this link:

http://doc.silverstripe.com/doku.php?id=upgrading

It's no big deal to find this doc, but it's always more comfortable to get an advise how to upgrade then having to search for it. So maybe you could add it to your blogpost.

Thanks for your hard work and greetings from Germany,

Peter

31 Oct 2008 by: ptr