Release Notes / Version 11.2307
Table Of Contents
The
MediaController
now validates the URL parameters 'id', 'propertyName', 'hash', 'cropName', 'width' and 'filename'.
The missing validation was added for security reasons to prevent DoS attacks.
This change is considered breaking due to the validation, which now might deny requests which previously worked.
There is however a flag available to provide (non-breaking) backward compatibility. Using the config property
caas.mediaControllerDisableValidation=true
, the validation can be disabled.
For security reasons, the default value ist `false`. If you need backward compatibility, validation can be disabled with the risk of potential DoS attacks.
(CMS-21382)