diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5de7c73bec..90a3ef77ce 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,23 @@
+CHANGELOG for 1.3.2
+===================
+This changelog references the relevant changes (new features, changes and bugs) done in 1.3.2 versions.
+
+* 1.3.2 (2014-09-22)
+ * Stored XSS Vulnerability fixes
+ * added "|json_encode|raw" for values outputted in JS objects
+ * removed "|raw" from outputs of path in url attributes
+ * added "e('html_attr')|raw" when outputting html attributes
+ * removed mentions of "flexible entity" and unused code
+ * added validator for css field of embedded form, now if user will enter html tags in this field he will get an error message
+ * added stiptags filter for css of embedded forms
+ * changed translation message oro.entity_config.records_count.label to contain placeholder of records count and use UI.link macros in template instead of slicing str
+ * changed method of validation of emails on the client, old validation was working very slowly with some values like '">< img src=d onerror=confirm(/provensec/);>', n
+ * removed "trans|raw" where it's not required
+ * minor changes in templates to improve readability
+ * added Email validator for Lead
+ * fixed XSS vulnerability in Leads, Case Comments, Notes, Embedded forms, Emails, Business Units, Breadcrumbs
+ * fixed escaping of page title
+
 CHANGELOG for 1.3.1
 ===================
 This changelog references the relevant changes (new features, changes and bugs) done in 1.3.1 versions.
diff --git a/composer.lock b/composer.lock
index c5eaedd14a..2695b02fc5 100644
--- a/composer.lock
+++ b/composer.lock
@@ -246,12 +246,12 @@
 "version": "v0.2.8",
 "source": {
 "type": "git",
- "url": "https://github.com/cboden/Ratchet.git",
+ "url": "https://github.com/ratchetphp/Ratchet.git",
 "reference": "ebd17c6675b51044e711a1089b1534fd8c68c9e0"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/cboden/Ratchet/zipball/ebd17c6675b51044e711a1089b1534fd8c68c9e0",
+ "url": "https://api.github.com/repos/ratchetphp/Ratchet/zipball/ebd17c6675b51044e711a1089b1534fd8c68c9e0",
 "reference": "ebd17c6675b51044e711a1089b1534fd8c68c9e0",
 "shasum": ""
 },
@@ -479,7 +479,7 @@
 {
 "name": "Johannes Schmitt",
 "email": "schmittjoh@gmail.com",
- "homepage": "http://jmsyst.com",
+ "homepage": "https://github.com/schmittjoh",
 "role": "Developer of wrapped JMSSerializerBundle"
 }
 ],
@@ -494,16 +494,16 @@
 },
 {
 "name": "doctrine/cache",
- "version": "v1.3.0",
+ "version": "v1.3.1",
 "source": {
 "type": "git",
 "url": "https://github.com/doctrine/cache.git",
- "reference": "e16d7adf45664a50fa86f515b6d5e7f670130449"
+ "reference": "cf483685798a72c93bf4206e3dd6358ea07d64e7"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/doctrine/cache/zipball/e16d7adf45664a50fa86f515b6d5e7f670130449",
- "reference": "e16d7adf45664a50fa86f515b6d5e7f670130449",
+ "url": "https://api.github.com/repos/doctrine/cache/zipball/cf483685798a72c93bf4206e3dd6358ea07d64e7",
+ "reference": "cf483685798a72c93bf4206e3dd6358ea07d64e7",
 "shasum": ""
 },
 "require": {
@@ -519,7 +519,7 @@
 "type": "library",
 "extra": {
 "branch-alias": {
- "dev-master": "1.0.x-dev"
+ "dev-master": "1.4.x-dev"
 }
 },
 "autoload": {
@@ -532,17 +532,6 @@
 "MIT"
 ],
 "authors": [
- {
- "name": "Jonathan H. Wage",
- "email": "jonwage@gmail.com",
- "homepage": "http://www.jwage.com/",
- "role": "Creator"
- },
- {
- "name": "Guilherme Blanco",
- "email": "guilhermeblanco@gmail.com",
- "homepage": "http://www.instaclick.com"
- },
 {
 "name": "Roman Borschel",
 "email": "roman@code-factory.org"
@@ -551,11 +540,17 @@
 "name": "Benjamin Eberlei",
 "email": "kontakt@beberlei.de"
 },
+ {
+ "name": "Guilherme Blanco",
+ "email": "guilhermeblanco@gmail.com"
+ },
+ {
+ "name": "Jonathan Wage",
+ "email": "jonwage@gmail.com"
+ },
 {
 "name": "Johannes Schmitt",
- "email": "schmittjoh@gmail.com",
- "homepage": "http://jmsyst.com",
- "role": "Developer of wrapped JMSSerializerBundle"
+ "email": "schmittjoh@gmail.com"
 }
 ],
 "description": "Caching library offering an object-oriented API for many cache backends",
@@ -564,7 +559,7 @@
 "cache",
 "caching"
 ],
- "time": "2013-10-25 19:04:14"
+ "time": "2014-09-17 14:24:04"
 },
 {
 "name": "doctrine/collections",
@@ -621,7 +616,7 @@
 {
 "name": "Johannes Schmitt",
 "email": "schmittjoh@gmail.com",
- "homepage": "http://jmsyst.com",
+ "homepage": "https://github.com/schmittjoh",
 "role": "Developer of wrapped JMSSerializerBundle"
 }
 ],
@@ -697,7 +692,7 @@
 {
 "name": "Johannes Schmitt",
 "email": "schmittjoh@gmail.com",
- "homepage": "http://jmsyst.com",
+ "homepage": "https://github.com/schmittjoh",
 "role": "Developer of wrapped JMSSerializerBundle"
 }
 ],
@@ -774,12 +769,12 @@
 "source": {
 "type": "git",
 "url": "https://github.com/doctrine/dbal.git",
- "reference": "1b62e9f76fce135ed1b4c2caca57e2257b0cd651"
+ "reference": "f15c4823b1bc5fceacc199765709cb67001445b2"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/doctrine/dbal/zipball/1b62e9f76fce135ed1b4c2caca57e2257b0cd651",
- "reference": "1b62e9f76fce135ed1b4c2caca57e2257b0cd651",
+ "url": "https://api.github.com/repos/doctrine/dbal/zipball/f15c4823b1bc5fceacc199765709cb67001445b2",
+ "reference": "f15c4823b1bc5fceacc199765709cb67001445b2",
 "shasum": ""
 },
 "require": {
@@ -829,7 +824,7 @@
 "persistence",
 "queryobject"
 ],
- "time": "2014-08-04 10:25:05"
+ "time": "2014-08-20 16:09:16"
 },
 {
 "name": "doctrine/doctrine-bundle",
@@ -1013,7 +1008,7 @@
 {
 "name": "Johannes Schmitt",
 "email": "schmittjoh@gmail.com",
- "homepage": "http://jmsyst.com",
+ "homepage": "https://github.com/schmittjoh",
 "role": "Developer of wrapped JMSSerializerBundle"
 }
 ],
@@ -1067,7 +1062,7 @@
 {
 "name": "Johannes Schmitt",
 "email": "schmittjoh@gmail.com",
- "homepage": "http://jmsyst.com",
+ "homepage": "https://github.com/schmittjoh",
 "role": "Developer of wrapped JMSSerializerBundle"
 }
 ],
@@ -2013,9 +2008,9 @@
 ],
 "authors": [
 {
- "name": "Johannes M. Schmitt",
+ "name": "Johannes Schmitt",
 "email": "schmittjoh@gmail.com",
- "homepage": "http://jmsyst.com",
+ "homepage": "https://github.com/schmittjoh",
 "role": "Developer of wrapped JMSSerializerBundle"
 }
 ],
@@ -2055,9 +2050,9 @@
 ],
 "authors": [
 {
- "name": "Johannes M. Schmitt",
+ "name": "Johannes Schmitt",
 "email": "schmittjoh@gmail.com",
- "homepage": "http://jmsyst.com",
+ "homepage": "https://github.com/schmittjoh",
 "role": "Developer of wrapped JMSSerializerBundle"
 }
 ],
@@ -2120,9 +2115,9 @@
 ],
 "authors": [
 {
- "name": "Johannes M. Schmitt",
+ "name": "Johannes Schmitt",
 "email": "schmittjoh@gmail.com",
- "homepage": "http://jmsyst.com",
+ "homepage": "https://github.com/schmittjoh",
 "role": "Developer of wrapped JMSSerializerBundle"
 }
 ],
@@ -2346,9 +2341,9 @@
 ],
 "authors": [
 {
- "name": "Johannes M. Schmitt",
+ "name": "Johannes Schmitt",
 "email": "schmittjoh@gmail.com",
- "homepage": "http://jmsyst.com",
+ "homepage": "https://github.com/schmittjoh",
 "role": "Developer of wrapped JMSSerializerBundle"
 }
 ],
@@ -2416,9 +2411,9 @@
 ],
 "authors": [
 {
- "name": "Johannes M. Schmitt",
+ "name": "Johannes Schmitt",
 "email": "schmittjoh@gmail.com",
- "homepage": "http://jmsyst.com",
+ "homepage": "https://github.com/schmittjoh",
 "role": "Developer of wrapped JMSSerializerBundle"
 }
 ],
@@ -2476,7 +2471,7 @@
 },
 {
 "name": "Robert Schönthal",
- "email": "seroscho@googlemail.com",
+ "email": "robert.schoenthal@gmail.com",
 "homepage": "http://digitalkaoz.net"
 }
 ],
@@ -2678,7 +2673,7 @@
 "email": "stof@notk.org"
 },
 {
- "name": "KnpLabs",
+ "name": "Knplabs",
 "homepage": "http://knplabs.com"
 },
 {
@@ -3003,7 +2998,7 @@
 {
 "name": "Florent Viel",
 "email": "luxifer666@gmail.com",
- "homepage": "http://blog.luxifer.fr",
+ "homepage": "http://florentviel.com",
 "role": "Developer"
 }
 ],
@@ -3309,16 +3304,16 @@
 },
 {
 "name": "oro/doctrine-extensions",
- "version": "1.0.x-dev",
+ "version": "1.0.4",
 "source": {
 "type": "git",
 "url": "https://github.com/orocrm/doctrine-extensions.git",
- "reference": "250471c9fcd9cd2e6c6d7000e58493dda757f0aa"
+ "reference": "50d111475daa3608c73ca97a9e6698f8914b308b"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/orocrm/doctrine-extensions/zipball/250471c9fcd9cd2e6c6d7000e58493dda757f0aa",
- "reference": "250471c9fcd9cd2e6c6d7000e58493dda757f0aa",
+ "url": "https://api.github.com/repos/orocrm/doctrine-extensions/zipball/50d111475daa3608c73ca97a9e6698f8914b308b",
+ "reference": "50d111475daa3608c73ca97a9e6698f8914b308b",
 "shasum": ""
 },
 "require": {
@@ -3358,15 +3353,21 @@
 "postgresql",
 "type"
 ],
- "time": "2014-08-08 19:26:37"
+ "time": "2014-09-18 11:53:25"
 },
 {
 "name": "oro/platform",
- "version": "1.3.1",
+ "version": "1.3.2",
 "source": {
 "type": "git",
- "url": "git@github.com:orocrm/platform.git",
- "reference": "d51c0bc6f2d93224d7918224b5bd6ee8a6e5c89e"
+ "url": "https://github.com/orocrm/platform.git",
+ "reference": "a2b548c64e71e12e673d98e350fd042ee2a96be9"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/orocrm/platform/zipball/a2b548c64e71e12e673d98e350fd042ee2a96be9",
+ "reference": "a2b548c64e71e12e673d98e350fd042ee2a96be9",
+ "shasum": ""
 },
 "require": {
 "a2lix/translation-form-bundle": "1.2",
@@ -3406,7 +3407,7 @@
 "nelmio/api-doc-bundle": "2.4.4",
 "nesbot/carbon": "1.8.*",
 "ocramius/proxy-manager": "0.4.*",
- "oro/doctrine-extensions": "1.0.x-dev",
+ "oro/doctrine-extensions": "1.0.*",
 "php": ">=5.4.9",
 "rhumsaa/uuid": "~2.7",
 "sensio/distribution-bundle": "2.3.4",
@@ -3434,7 +3435,7 @@
 "Oro\\Bundle": "src/"
 }
 },
- "notification-url": "http://packagist.orocrm.com/downloads/",
+ "notification-url": "https://packagist.org/downloads/",
 "license": [
 "MIT"
 ],
@@ -3446,7 +3447,7 @@
 ],
 "description": "Business Application Platform (BAP)",
 "homepage": "https://github.com/orocrm/platform.git",
- "time": "2014-08-14 16:10:52"
+ "time": "2014-09-22 10:32:48"
 },
 {
 "name": "phpcollection/phpcollection",
@@ -3482,9 +3483,9 @@
 ],
 "authors": [
 {
- "name": "Johannes M. Schmitt",
+ "name": "Johannes Schmitt",
 "email": "schmittjoh@gmail.com",
- "homepage": "http://jmsyst.com",
+ "homepage": "https://github.com/schmittjoh",
 "role": "Developer of wrapped JMSSerializerBundle"
 }
 ],
@@ -3532,9 +3533,9 @@
 ],
 "authors": [
 {
- "name": "Johannes M. Schmitt",
+ "name": "Johannes Schmitt",
 "email": "schmittjoh@gmail.com",
- "homepage": "http://jmsyst.com",
+ "homepage": "https://github.com/schmittjoh",
 "role": "Developer of wrapped JMSSerializerBundle"
 }
 ],
@@ -3717,16 +3718,16 @@
 },
 {
 "name": "rhumsaa/uuid",
- "version": "2.7.2",
+ "version": "2.7.3",
 "source": {
 "type": "git",
 "url": "https://github.com/ramsey/uuid.git",
- "reference": "ccabc07c649fbac6b409fe42439e042232f9db58"
+ "reference": "b976326ca5977d7333f34e3c828ae7c22a49a65a"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/ramsey/uuid/zipball/ccabc07c649fbac6b409fe42439e042232f9db58",
- "reference": "ccabc07c649fbac6b409fe42439e042232f9db58",
+ "url": "https://api.github.com/repos/ramsey/uuid/zipball/b976326ca5977d7333f34e3c828ae7c22a49a65a",
+ "reference": "b976326ca5977d7333f34e3c828ae7c22a49a65a",
 "shasum": ""
 },
 "require": {
@@ -3779,20 +3780,20 @@
 "identifier",
 "uuid"
 ],
- "time": "2014-07-28 17:51:57"
+ "time": "2014-08-27 22:39:41"
 },
 {
 "name": "seld/jsonlint",
- "version": "1.2.0",
+ "version": "1.3.0",
 "source": {
 "type": "git",
 "url": "https://github.com/Seldaek/jsonlint.git",
- "reference": "9cae56dbe34f4392e7d0f559474df33749a39f8d"
+ "reference": "a7bc2ec9520ad15382292591b617c43bdb1fec35"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/Seldaek/jsonlint/zipball/9cae56dbe34f4392e7d0f559474df33749a39f8d",
- "reference": "9cae56dbe34f4392e7d0f559474df33749a39f8d",
+ "url": "https://api.github.com/repos/Seldaek/jsonlint/zipball/a7bc2ec9520ad15382292591b617c43bdb1fec35",
+ "reference": "a7bc2ec9520ad15382292591b617c43bdb1fec35",
 "shasum": ""
 },
 "require": {
@@ -3825,7 +3826,7 @@
 "parser",
 "validator"
 ],
- "time": "2014-07-20 17:36:11"
+ "time": "2014-09-05 15:36:20"
 },
 {
 "name": "sensio/distribution-bundle",
@@ -4038,16 +4039,16 @@
 },
 {
 "name": "swiftmailer/swiftmailer",
- "version": "v5.2.1",
+ "version": "v5.2.2",
 "source": {
 "type": "git",
 "url": "https://github.com/swiftmailer/swiftmailer.git",
- "reference": "2b9af56cc676c338d52fca4c657e5bdff73bb7af"
+ "reference": "e02f71a35436af4bd58a1bd90116089e632e29e1"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/swiftmailer/swiftmailer/zipball/2b9af56cc676c338d52fca4c657e5bdff73bb7af",
- "reference": "2b9af56cc676c338d52fca4c657e5bdff73bb7af",
+ "url": "https://api.github.com/repos/swiftmailer/swiftmailer/zipball/e02f71a35436af4bd58a1bd90116089e632e29e1",
+ "reference": "e02f71a35436af4bd58a1bd90116089e632e29e1",
 "shasum": ""
 },
 "require": {
@@ -4073,13 +4074,11 @@
 ],
 "authors": [
 {
- "name": "Fabien Potencier",
- "email": "fabien@symfony.com",
- "homepage": "http://fabien.potencier.org",
- "role": "Lead Developer"
+ "name": "Chris Corbyn"
 },
 {
- "name": "Chris Corbyn"
+ "name": "Fabien Potencier",
+ "email": "fabien@symfony.com"
 }
 ],
 "description": "Swiftmailer, free feature-rich PHP mailer",
@@ -4088,7 +4087,7 @@
 "mail",
 "mailer"
 ],
- "time": "2014-06-13 11:44:54"
+ "time": "2014-09-20 07:17:36"
 },
 {
 "name": "sylius/flow-bundle",
@@ -4383,16 +4382,16 @@
 },
 {
 "name": "symfony/symfony",
- "version": "v2.3.18",
+ "version": "v2.3.19",
 "source": {
 "type": "git",
 "url": "https://github.com/symfony/symfony.git",
- "reference": "75e07e6bde6391a6f49c8546a43740c80ac1b06b"
+ "reference": "1fc05758044fa1cf54460d7d4aff5f55b0f1b0db"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/symfony/symfony/zipball/75e07e6bde6391a6f49c8546a43740c80ac1b06b",
- "reference": "75e07e6bde6391a6f49c8546a43740c80ac1b06b",
+ "url": "https://api.github.com/repos/symfony/symfony/zipball/1fc05758044fa1cf54460d7d4aff5f55b0f1b0db",
+ "reference": "1fc05758044fa1cf54460d7d4aff5f55b0f1b0db",
 "shasum": ""
 },
 "require": {
@@ -4473,15 +4472,13 @@
 "MIT"
 ],
 "authors": [
- {
- "name": "Fabien Potencier",
- "email": "fabien@symfony.com",
- "homepage": "http://fabien.potencier.org",
- "role": "Lead Developer"
- },
 {
 "name": "Symfony Community",
 "homepage": "http://symfony.com/contributors"
+ },
+ {
+ "name": "Fabien Potencier",
+ "email": "fabien@symfony.com"
 }
 ],
 "description": "The Symfony PHP framework",
@@ -4489,7 +4486,7 @@
 "keywords": [
 "framework"
 ],
- "time": "2014-07-15 14:20:44"
+ "time": "2014-09-03 09:45:27"
 },
 {
 "name": "twig/extensions",