SS-2018-019: Possible denial of service attack vector when flushing

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Severity:: Medium (?)
Identifier:: SS-2018-019
Versions Affected:: silverstripe/framework:^4.0
Versions Fixed:: silverstripe/framework:4.0.5, silverstripe/framework:4.1.3, silverstripe/framework:4.2.2, silverstripe/framework:4.3.0
Release Date:: 2018-11-07

A possible denial of service attack vector has been identified in the dev/build system controller.

dev/build now has its own URL token, similar to flushtoken, to ensure users are authenticated when running dev/build outside of dev environments.

Reported by Michael Strong (SilverStripe Ltd)