Bump CompositeC1.Core from 4.3 to 6.13.0 in /Favorites

[dependabot]

Bumps CompositeC1.Core from 4.3 to 6.13.0.

Release notes

Sourced from CompositeC1.Core's releases.

C1 CMS 6.13

Download

Download C1 CMS 6.13

What’s new in C1 CMS 6.13?

This release includes a critical security fix.

Critical security fix

We have performed a critical security fix for a Remote Code Execution vulnerability, where a C1 Console user (with any access level) can complete a remote code execution attack on the website. See the security advisory for details.

Free automated upgrade

To best protect you, Orckestra is providing free, immediate, and direct access to our automated upgrade feature – any C1 installation from C1 version 5.0 and later can now be upgraded to this release, free of charge.

C1 CMS 6.12 (6.12.8122.18346)

Download

Download C1 CMS 6.12

What’s new in C1 CMS 6.12?

This release includes a critical security fix, and a few minor bug fixes.

Critical security fix

See the security advisory for details. This vulnerability cannot be exploited by anonymous users, but we urge all of our users to upgrade to this release at the earliest convenient time.

This issue was discovered and reported by GHSL team member @​JarLob (Jaroslav Lobačevski).

Free automated upgrade

To best protect you, Orckestra is providing free, immediate, and direct access to our automated upgrade feature – any C1 installation from C1 version 5.0 and later can now be upgraded to this release, free of charge.

Minor changes and bug fixes

#798 Fixing DataFolderElementsTreeNode throwing an exception when the referenced page has multiple versions SearchAPI: SearchResult is extended to include score and score explanation. Search indexing: multiple registrations of IDataFieldProcessorProvider weren't supported properly

C1 CMS 6.11 (6.11.7982.26191)

Download

Download C1 CMS 6.11

... (truncated)

Commits

• 119ff09 Merge pull request #815 from Orckestra/dev
• 2c4c8cf Updating version number to 6.13
• af856ab Merge pull request #814 from Orckestra/json-serialization-fixes
• 07dae80 Fix #810: DataTypeDescriptor Clone does not clone "Cachable"
• a68c838 JSON deserialization settings: limiting MaxDepth to 128
• 2655506 CompositeSerializationBinder: performing type check on generic type arguments
• b140da9 ImageResizer - a backward compatibility fix
• a2c1c38 Merge pull request #802 from Orckestra/dev
• 8013a5f CompositeSerializationBinder - fixing a backward compatibility issue
• 8bf8447 Merge pull request #801 from Orckestra/dev
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.