We’re bringing you the latest patch release for the Common Web Platform, CWP 2.5.1. For this release we focused on bringing you small improvements to Silverstripe CMS. This announcement also includes details of a security vulnerability that CWP sites were protected from before the issue was disclosed to the public, and a reminder of how to keep on top of known security vulnerabilities in Silverstripe CMS below.
If your site is already on the latest version, CWP 2.5, an update to CWP 2.5.1 should be a quick upgrade for your team.
As usual, this release follows semantic versioning(external link), so it’s ready to be used in any current CWP project right now.
What's new in CWP 2.5.1?
Since the release of CWP 2.5 in December 2019, we wanted to bring you a straight-forward release that has minor changes and fixes to enhance your experience with Silverstripe CMS. This release tracks Silverstripe CMS version 4.5.1.
Create and link to anchors in your content
The most notable change in this release allows CMS authors to create (and link to) anchor links in the WYSIWYG. There’s been a lot of feedback and requests for this feature, so we’re very happy to share this will be the default behaviour for all CWP sites when you update to CWP 2.5.1.
Our development team—with the support of the open-source community— has been keeping on top of small touch-ups for Silverstripe CMS to include in this release. We’ve made all the right documentation available to you so you can see the new changes and fixes that have been included in CWP 2.5.1. To see a full list of what’s included, make sure to visit the CWP 2.5.1 release change logs.
Tracking Silverstripe CMS version 4.5.1, this CWP release includes an important security patch for all Silverstripe CMS and CWP sites. It mitigates a vulnerability that could support a malicious attacker in obtaining sensitive data through phishing attempts. The security vulnerability was given a Common Vulnerability Scoring System (CVSS) score of 7.5 and has a severity rating of high. (Read more: implementing CVSS rated security issues in CWP).
Soon after Silverstripe was privately notified of the potential vulnerability, the team responsible for the Common Web Platform was able to develop and deploy a fix across the platform, immediately protecting all websites from this vulnerability without any action required by CWP agencies.
While no further action is required for this particular security issue(external link), it is recommended that your agency keeps your site up-to-date with the latest CWP version.
Find out if your website is exposed to security vulnerabilities
While the Common Web Platform prides itself on a high level of security and independent scrutiny, new security vulnerabilities can always be uncovered as the software around us evolves.
Stack Managers and those with access to the CWP Dashboard are able to view what version of Silverstripe CMS they are running on their CWP website. If your site is not using Silverstripe CMS 4.5.1 (CWP 2.5.1), or CMS 3.7.3 (CWP 1.9.1) your site will be exposed to some level of security risk.
Participating agencies have agreed to stay on supported versions of CWP, so it is important that you make a plan to keep up to date as new CWP versions are released on a quarterly basis.
It is recommended that you consult with your Digital Agency to review the CWP release change logs and CWP version releases that contain security fixes and understand the impact this may have on your website.
Keen to get your upgrade underway?
Talk to your Digital Agency or Developer about upgrading.
Haven’t got a Developer or Agency? You can request support for your upgrade through the CWP Service Desk.
Developers, check out our documentation to view the changelogs or check out the Upgrade Guide.