2.5.0

What's Changed

• MNT Fix phpcs blank line by @emteknetnz in #65
• DOCS Change "SilverStripe" to "Silverstripe" in readme by @GuySartorelli in #66
• DEP Set PHP 7.4 as the minimum version by @emteknetnz in #68
• ENH PHP 8.1 compatibility by @emteknetnz in #70

New Contributors

• @GuySartorelli made their first contribution in #66

Full Changelog: 2.4.0...2.5.0

2.4.0

What's Changed

• API phpunit 9 support by @emteknetnz in #64

Full Changelog: 2.3.0...2.4.0

1.2.0

Removes mcrypt dependency, making this module compatible with PHP 7.2+

2.1.2

Fixed a regression caused by silverstripe/[email protected], which introduced safeguards around web-based administrative tasks triggered through URL paths and parameters. See CVE-2019-12246: Denial of Service on flush and development URL tools.

When using this framework release, and triggering administrative actions such as ?flush=1, dev/build, or dev/tasks/*, the confirmation token required for CSRF protection could not be set in the session. This prevented the task from passing the new confirmation step. The regression occurred when the silverstripe/hybridsessions module is installed, and is activated through environment constants (which is the default configuration for Active DR stacks in CWP.

The fix (#49) can be applied to existing SilverStripe environments with existing session data managed through the module. It should not cause users from losing session data, or being logged out of the CMS. On the next write to existing sessions, existing session data will automatically be converted to a binary-safe persistence format. New sessions will write in the correct format by default.

Other changes:

• Update translations (Robbie Averill) - 3fcebd6

1.1.2

• Backport a2faefc for SS3 support (Updated write and destroy methods so that an expected boolean is returned)
• FIX Case sensitive saltedkey should be saltedKey, update Travis versions and fix builds

2.0.0

Release 2.0.0

2.0.0-beta2

• NEW Convert to vendor module (Robbie Averill) - 8fd5c66
• updated with multiple return points, as soon as we know what the result will be (Jason McClean) - 92ec9dd
• Only return true from the write handler if at least one of the handlers return true. (Jason McClean) - d974439
• Updated write and destroy methods so that an expected boolean is returned. (Jason McClean) - a2faefc

2.0.0-beta1

SilverStripe 4 compatible

• Updating travis install steps (Daniel Hensby) - 056db7b
• FIX Case sensitive saltedkey should be saltedKey, update Travis versions and fix builds (Robbie Averill) - 11cacc9
• FIX convert CI bootstrap references to new their new locations in vendor (Dylan Wagstaff) - f81bc5c
• Remove obsolete branch alias (Robbie Averill) - d53ffb2
• FIX Check enabled being calling session_write_close, config after core, add test for config and add bades to readme (Robbie Averill) - c83a00b
• Replace core session middlewere (Will Rossiter) - 3e423f5
• FIX Run PSR-2 linter over src/ and tests/ (Robbie Averill) - 9906b4a
• FIX Use database in AbstractTest, import SessionHandlerInterface, add extra dev deps and remove PHPCS config over core (Robbie Averill) - 476b33f
• NEW Make Crypto injectable. (Will Rossiter) - 0f15151
• Specify cookie domain (Fixes #24) (Will Rossiter) - 50deaf6
• Replace mcrypt with OpenSSL, update docs and lang (Will Rossiter) - deba349
• Update travis config (Will Rossiter) - 6ffe283
• Upgrade hybrid sessions to 4.0 (Will Rossiter) - d73c5fe
• Added standard Scrutinizer config (helpfulrobot) - 7cbe778

1.1.1

• Include tests for 3.2 and php 5.6
• Update documentation and configuration to supported module standard
• Move to new travis containerised infrastructure
• Changelog added.

1.1.0: Merge pull request #8 from tractorcow/pulls/build-tag

Add build icon