Skip to content

Maintenance Release 5.1.13
Compare
Choose a tag to compare
@bobdenotter bobdenotter released this 26 Aug 11:54
· 71 commits to 5.1 since this release
5.1.13
0539de1
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Released: 2022-08-26

This release includes three security-related fixes. Our thanks go out to Eitan Shav at WhiteSource and David Müller of lutrasecurity.com for identifying these issues and disclosing them to us responsibly! 👏🙏

🐛 Bug fixes

  • Fix setcontent with where { } clause filtering on a foreign id in MySQL (bobdenotter, #3302)
  • Proper default for $filter (bobdenotter, #3296)
  • Fix icons in ContentTypes in Menu (bobdenotter, #3287)

🔐 Security related changes

  • Prevent renaming or moving of files on edit (bobdenotter, #3295)
  • Ensure uploaded SVG files have no embedded Javascript (bobdenotter, #3294)
  • Prevent injection when filtering records (bobdenotter, #3293)
Assets 2
Loading