The latest CWP quarterly release brings you a quick update to patch a high severity security vulnerability and takes advantage of a number of minor improvements. If your site is yet to update to version 2.7, that release was packed full of features. You can read all about it in the CWP 2.7 release announcement.
As usual, this release follows semantic versioning(external link), so it’s ready to be used in any current CWP project right now.
What’s new in CWP 2.7.1?
This release contains a fix for a high severity security vulnerability. It also includes a small number of minor improvements to Silverstripe CMS. Like with previous quarterly releases, it’s recommended that sites stay up-to-date with the latest version, ensuring you keep your site secure as updates are made available.
Queued jobs security vulnerability
A security vulnerability has been identified and resolved in the queued-jobs module, which is included in all CWP projects. This vulnerability could allow an attacker to craft a malicious URL, and if clicked on by a logged-in CMS user, could put your website at risk.
It is highly recommended that you upgrade your project to CWP 2.7.1 to secure your website. You also have the option of simply upgrading the queued-jobs module to a protected version. Please consult with your development team or digital agency on how to action this. Further details are contained in the changelog.
Other notable improvements:
- Removed the extension which added the HTML ‘title’ attribute to links. This is not considered best practice for accessibility purposes.
- A handful of bug fixes in the user-defined forms module.
- A handful of bug fixes in the multi-factor authentication module.
- Resolved CMS component regressions that followed the release of CWP 2.7.0.
Talk to your Digital Agency or Developer about upgrading
Haven’t got a Developer or Agency? You can request support with your upgrade through the CWP Service Desk.
Developers, check out our documentation
This release announcement does not cover the full detail of what is included in the release. Be sure to review the full changelog before planning your next site upgrade.