v1.9.10
Release date: 2022-03-14 22:39:33
Latest Sylius/Sylius release: v2.0.0-ALPHA.2 (2024-09-24 19:59:39)
TL;DR
🔒 This is a security release!
Fixes the following vulnerabilities:
- Improper sanitize of SVG files during content upload ('Cross-site Scripting') in Sylius/Sylius
- Add missing HTTP headers to avoid login forms clickjacking
- Exposure of sensitive information by using the back button after logging out in sylius/sylius
Details
- #13275 [Maintenance] Add note about doctrine/dbal requirement (@lchrusciel)
- #13282 [API] Revert changes of checked keys in cart and checkout responses to fix the build (@GSadee)
- #13730 [Maintenance] Add conflict to symfony/framework-bundle to fix problem with solving path prefix in API scenarios (@GSadee)
- #13750 [Admin][Shop] placehold.it replaced to local placeholders (@ernestWarwas)
- #13765 [Security] Fixes for SVG XSS, wrong cache for logged in users and clickjacking (@ernestWarwas, @lchrusciel, @GSadee, @Zales0123, @Rafikooo)