Overview

This release includes the silverstripe/hybridsessions:2.1.2 update.

Upgrading to CWP 2.3.1 is recommended for CWP sites with Active DR, or ones manually activating the silverstripe/hybridsessions module. This upgrade can be carried out by any development team familiar with SilverStripe CMS, however if you would like SilverStripe's assistance, you can request support via the Service Desk.

Description

The issue breaks browser based ?flush, ?isTest and dev/ urls, when used with SilverStripe 4.4.0. The fix can be applied to existing CWP environments with existing session data managed in MySQL. It will not cause users to lose session data, or be logged out of the CMS. On subsequent writes to existing sessions, existing session data will automatically be converted to a binary-safe persistence format. New sessions will be persisted in the correct format by default.

Technical details

We identified a binary safety issue in SilverStripe\HybridSessions\Store\DatabaseStore that may lose session data when trying to persist content different from UTF-8 encoded text.

Here is an example:

$_SESSION['key_a'] = iconv('utf8', 'utf16', 'test');
$_SESSION['key_b'] = "\x80";

Both keys in the session above are valid PHP strings, but are not valid UTF-8. Before the fix silverstripe/hybridsessions was not be able to save that session value to the database.

Change Log

Features and Enhancements

  • 2019-05-31 7194e95 CWP pages now use font icons instead of images (Robbie Averill)

Bugfixes

  • 2019-06-30 99b4f7c DatabaseStore binary safety (Serge Latyntcev)

Other changes

  • 2019-06-14 40ad8d1 DOCS Twig improvements to change log template (Bryn Whyman)
  • 2019-06-14 829fabe DOCS new headings for change log template (Bryn Whyman)
  • 2019-06-13 fe202c6 DOCS update 2.3 changelog to reference 4.4.1 (Bryn Whyman)
  • 2019-05-09 3fcebd6 Update translations (Robbie Averill)

Was this article helpful?