v1.10.11
Release date: 2022-03-14 22:39:36
Latest Sylius/Sylius release: v2.0.0-ALPHA.2 (2024-09-24 19:59:39)
TL;DR
🔒 This is a security release!
Fixes the following vulnerabilities:
- Improper sanitization of SVG files during content upload ('Cross-site Scripting') in Sylius/Sylius
- User token not set to null after password reset
- Missing HTTP headers that protect login forms against clickjacking
- Exposure of sensitive information by using the back button after logging out in sylius/sylius
Details
- #13432 Update SalesDataProvider.php (@remoteclient)
- #13723 [Docs] Deployment on artifakt (@AdamKasp)
- #13731 [Taxation] Add validation of negative tax rate (@coldic3)
- #13734 [JS] add empty value to autocomplete selects (@SirDomin)
- #13750 [Admin][Shop] placehold.it replaced to local placeholders (@ernestWarwas)
- #13756 [GitHub Actions] Change PHP ini values + clear cache (@GSadee)
- #13765 [Security] Fixes for SVG XSS, wrong cache for logged in users and clickjacking (@ernestWarwas, @lchrusciel, @GSadee, @Zales0123, @Rafikooo)
- #13766 [Security][API] passwordResetToken nulled after password is changed (@lchrusciel, @ernestWarwas, @GSadee, @TheMilek)