Fork 5.11.1 released

Today we released Fork 5.11.1. You can also follow Fork on GitHub.

Changelog

Fixed:

  • Core: Add missing ARIA attributes on form errors #3485
  • Core: Fix adding links on images in CKEditor #3478
  • Core: Fix database env variables not resolving before checking installed module #3502
  • Core: Update packages #3500 #3482 #3483 #3489 #3490 #3492
  • Blog: Fix translation in WordPress import page #3484
  • Pages: Fix default breadcrumb style #3487

Security:

All these security issues require access to the backend before they can be exploited.

  • Core: Fix XSS bug in multiple select box #3501
  • Authentication: Intercept a redirect to a different domain on login using // at the start of the query parameter #3494
  • Authentication: Reauthenticate a user after password change to log out other sessions #3493
  • Blog: Prevent SQL injection in the backend through bulk action marking comments as spam #3497
  • Extensions: Prevent XSS in the backend in the theme and module detail page through the description #3499
  • FormBuilder: Prevent SQL injection in the backend through bulk deletion of submitted data #3495
  • Locale: Prevent SQL injection in the backend through export of translations #3498
  • Tags: Prevent SQL injection in the backend through bulk deletion of tags #3496
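
The login redirect fix (#3494) concerns a target that starts with //, which browsers resolve as a protocol-relative URL on another host. The following PHP check is an added example, not Fork CMS's own code; the function name isSafeLocalRedirect and the sample values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Fork CMS code. Accepts only same-site paths as a
// post-login redirect target. Function name and samples are hypothetical.
function isSafeLocalRedirect(string $target): bool
{
    // Browsers strip tabs/newlines from URLs and treat "\" like "/",
    // so control characters and backslashes are rejected outright.
    if ($target === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $target) === 1) {
        return false;
    }

    // Must start with exactly one slash. "//host/path" is protocol-relative
    // and would send the user to a different domain.
    if ($target[0] !== '/' || (strlen($target) > 1 && $target[1] === '/')) {
        return false;
    }

    // Second layer: anything that parses with a scheme or host is not local.
    // A parse failure is treated as unsafe (fail closed).
    $parts = parse_url($target);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return false;
    }

    return true;
}

// Constructed sample values for the redirect query parameter.
$samples = [
    '/private/en/dashboard'        => true,
    '/private/en/blog?offset=10'   => true,
    '//other.example/login'        => false, // protocol-relative
    '/\\other.example/login'       => false, // backslash variant
    'https://other.example/login'  => false, // absolute URL
    "/\t/other.example/login"      => false, // tab is stripped by browsers
    ''                             => false,
];

foreach ($samples as $target => $expected) {
    $actual = isSafeLocalRedirect((string) $target);
    printf("%-32s %s\n", json_encode((string) $target), $actual ? 'allow' : 'reject');
    assert($actual === $expected);
}
```

When the check rejects a value, redirect to a fixed default such as the backend dashboard rather than echoing the parameter back.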