Overview

This upgrade is a hotfix that only updates Framework to version 3.7.5, which includes some minor bugfixes and two security patches (listed below).

Upgrading to Recipe 1.9.4 is recommended for all CWP sites. This upgrade can be carried out by any development team familiar with Silverstripe CMS. However, if you would like Silverstripe's assistance, you can request support via the Service Desk.

Security considerations

This release includes the following security fixes:

Change Log

Security

  • 2020-04-28 98926e4e6 Stop honouring X-HTTP-Method-Override header, X-Original-Url header and _method POST variable. Add SS_HTTPRequest::setHttpMethod(). (Maxime Rainville) - See CVE-2019-19326
  • 2020-04-23 d3b23e702 Escape First Name when displaying re-login screen (Maxime Rainville) - See CVE-2020-9311
  • 2019-09-16 a86093fee Session fixation in "change password" form (Serge Latyntcev) - See CVE-2019-12203
  • 2019-01-10 c44f06cdf Patch SQL Injection vulnerability when arrays are assigned to DataObject Fields (Aaron Carlino) - See SS-2018-021
