.. _upgrade-to-3.4.7:

###################
3.4.7 release notes
###################


*******************
What's new in 3.4.7
*******************

Bug Fixes
=========

* Removed extra quotation mark from the sideframe button template
* Fixed a bug where xframe options were processed by clickjacking middleware
  when page was served from cache, rather then get this value from cache
* Fixed a bug where cached page permissions overrides global permissions
* Fixed a bug where editing pages with primary keys greater than 9999 would throw an
  exception.
* Fixed broken wizard page creation when no language is set within the template context (see #5828).
* Fixed a security vulnerability in the plugin_type url parameter to insert JavaScript code.