Fork 5.11.1 released
- Written by Jelmer Prins on Thursday 24 March 2022 with the tags releases, 5.11.1.
- Be the first to comment
Today we released Fork 5.11.1. You can also follow Fork on github.
Changelog
Fixed:
- Core: Add missing aria attributes on form errors #3485
- Core: Fix adding links on images in ckeditor #3478
- Core: Fix database env variables not resolving before checking installed module #3502
- Core: Update packages #3500 #3482 #3483 #3489 #3490 #3492
- Blog: Fix translation in wordpress import page #3484
- Pages: Fix default breadcrumb style #3487
Security:
All these security issues require access to the backend before they can be exploited.
- Core: Fix xss bug in multiple select box #3501
- Authentication: Intercept a redirect to a different domain on login using // at the start of the queryparameter #3494
- Authentication: Reauthenticate a user after password change to log out other sessions #3493
- Blog: Prevent sql injection in the backend through bulk action marking comments as spam #3497
- Extensions: Prevent xss in the backend in the theme and module detail page through the description #3499
- FormBuilder: Prevent sql injection in the backend through bulk deletion of submitted data #3495
- Locale: Prevent sql injection in the backend through export of translations #3498
- Tags: Prevent sql injection in the backend through bulk deletion of tags #3496