The open-source CMS, SilverStripe, has a new version that's been made available. This release solves a number of potential security vulnerabilities:
- Draft pages were visible to unauthenticated users on specifically crafted URLs.
- An content author with access to the “Security” section in the CMS could potentially take over an administrator account.
These are now fixed in 2.4.2, along with several dozen minor bug fixes.You can review a list of the 100+ changes in the changelog.
Improved Windows Support
SilverStripe 2.4.2 offers increased confidence over past versions for running our software on Windows OS when using SQL Server as the database. Previously, you had to run SilverStripe on Linux for all unit tests to pass. As a result of fixing bugs and unit tests, all SilverStripe unit tests now pass when running on Windows. The work includes fixing full-text search for the SQL Server database module, fixing windows file path issues along with numerous other bug fixes for the Windows platform done in 2.4.0 and 2.4.1.
Other minor improvements
- Allows Apache to provide better error pages
- Improved unit testing reports
- Fixed the installer logic for SQLite database
More info: http://www.silverstripe.org