[CVE-2024-29885] Respect canView permissions for viewing reports #189

Merged

emteknetnz
Member

No description provided.

Member

@GuySartorelli GuySartorelli left a comment

LGTM

@GuySartorelli GuySartorelli merged commit d325683 into silverstripe:5.2 Jul 16, 2024
10 checks passed
@GuySartorelli GuySartorelli deleted the pulls/5.2/cve-2024-29885 branch July 16, 2024 23:40
@G-Rath
G-Rath commented Jul 21, 2024

@GuySartorelli @emteknetnz is there any plan to backport this to v4? Not sure if this is covered by the security support period, but having it (and the other recent framework vulns) backported would take some pressure off us while we get through the major upgrade.

@GuySartorelli
Member

GuySartorelli commented Jul 21, 2024

@G-Rath Hiya.
As per the major release policy, only high and critical severity security patches are released for a major release line in "security fixes only" support, which is where CMS 4 is right now.

In other words this patch will not be backported to CMS 4.
