Overview

This release includes CMS and Framework version 4.5.0, which also includes the contents of version 4.4.4.

Upgrading to Recipe 2.5.0 is recommended for all CWP sites. This upgrade can be carried out by any development team familiar with SilverStripe. However, if you would like SilverStripe's assistance, you can request support via the Service Desk.

New features

The release announcement includes the note worthy features, but be sure to review the change log for full detail of all new features.

Known Issues

Expected test failures

The following PHPUnit test failures are expected and do not represent functional issues in CWP:

  • SilverStripe\TextExtraction\Tests\FileTextExtractableTest::testExtractFileAsText: This test was not correctly configured. It has been fixed upstream, and will pass in a future release.
  • Symbiote\QueuedJobs\Tests\QueuedJobsAdminTest::testConstructorParamsShouldBeATextarea: This test was not correctly configured. It has been fixed upstream, and will pass in a future release.
  • Symbiote\QueuedJobs\Tests\QueuedJobsAdminTest::testCreateJobWithConstructorParams: This test was not correctly configured. It has been fixed upstream, and will pass in a future release.

Upgrading instructions

In order to update an existing site to use the new CWP recipe the following changes to your composer.json can be made:

"require": {
    "cwp/cwp-recipe-core": "2.5.0@stable",
    "cwp/cwp-recipe-cms": "2.5.0@stable",
    "silverstripe/recipe-blog": "1.5.0@stable",
    "silverstripe/recipe-form-building": "1.5.0@stable",
    "silverstripe/recipe-authoring-tools": "1.5.0@stable",
    "silverstripe/recipe-collaboration": "1.5.0@stable",
    "silverstripe/recipe-reporting-tools": "1.5.0@stable",
    "cwp/cwp-recipe-search": "2.5.0@stable",
    "silverstripe/recipe-services": "1.5.0@stable",
    "silverstripe/subsites": "2.3.3@stable",
    "tractorcow/silverstripe-fluent": "4.4.4@stable",
    "cwp/starter-theme": "3.0.2@stable"
},
"prefer-stable": true

Security considerations

This release includes several security fixes. Please see the release announcements for more detailed descriptions of each, but note that the following issues have CWP-specific CVSS Environmental scores which take built-in protections from the CWP platform into account. We highly encourage upgrading your CWP projects to include these security patches regardless of severity.

  • CVE-2019-12617: CVSS 5.0 on CWP
  • CVE-2019-12203: CVSS 6.5 on CWP
  • CVE-2019-12204: CVSS 0.0 on CWP; fixed at infrastructure level.
  • CVE-2019-14273: CVSS 3.5 on CWP
  • CVE-2019-12245: CVSS 3.7 on CWP

Change Log

Security

  • 2019-09-23 8b7063a8e Fix access escalation for CMS users with limited access through permission cache pollution (Serge Latyntcev) - See cve-2019-12617
  • 2019-09-16 eccfa9b10 Session fixation in "change password" form (Serge Latyntcev) - See cve-2019-12203
  • 2019-08-20 f98a59de install.php warning does not account for public dir (Aaron Carlino) - See cve-2019-12204
  • 2019-08-17 8c7a719 Broken access control on files due to session grant (Aaron Carlino) - See cve-2019-14273
  • 2019-05-21 73e0cc6 Fix incorrect access control vulnerability with unwritten files in protected folders (Robbie Averill) - See cve-2019-12245

API Changes

  • 2019-08-26 90f1013 Add classname utility method to prefix class names (Maxime Rainville)

Features and Enhancements

  • 2019-10-15 019d806 Tweak child rendering error translation key, add to lang files (Garion Herman)
  • 2019-10-09 2c025c6 Introduce error boundary to Element for softer crashes (Garion Herman)
  • 2019-09-20 5d1df63 ability to configure content field replacement (Dylan Wagstaff)
  • 2019-08-20 ed44168 Add extensions with page to allow custom behaviour on previews (Scott Hutchinson)
  • 2019-06-28 67167c0 Add tabindex="-1" to comment submission message for a11y support (Garion Herman)

Bugfixes

  • 2019-11-14 1fe0938 Fix travis build (Serge Latyntcev)
  • 2019-11-12 5113339 Fix linting issues (Maxime Rainville)
  • 2019-11-11 0b63d35 max-age syntax in config is incorrect (brynwhyman)
  • 2019-11-11 8b5cbf2 max-age syntax in comments is incorrect (brynwhyman)
  • 2019-11-07 f457e69 Fix issue with localisations being randomly deleted (Damian Mooyman)
  • 2019-11-04 32798e0 Cancel move operation if block move data is not provided (Garion Herman)
  • 2019-11-04 e8d5ecf Correct check for block being shifted to top of list (Garion Herman)
  • 2019-10-30 893f2d0 Handle edgecase when Element is 'moved' to the same place (Garion Herman)
  • 2019-10-29 21e66e5 Resolve issues with drag/drop behaviour on Elements (Garion Herman)
  • 2019-10-18 ac0b263 Restoring PHP5.6 support (Maxime Rainville)
  • 2019-10-18 d846cd3 Update react-injector to remove sourcemaps (Garion Herman)
  • 2019-10-18 b41a2ea Use trusty for Travis CI builds (Garion Herman)
  • 2019-10-18 2781aa3 linting errors (Garion Herman)
  • 2019-10-17 1652e9e Allow compatibility with patched releases of Subsites 2.2 (Garion Herman)
  • 2019-10-15 d8509a4 Support localised types specified as explicit FQN class names (Damian Mooyman)
  • 2019-10-07 dfeb922 Add missing import statement for SilverStripe\ORM\ValidationResult in UserDefinedFormController and EditableFileField. (Charlie Bergthaler)
  • 2019-09-23 a8f778f Update Apache .htaccess for new access directives (Dylan Wagstaff)
  • 2019-09-23 f177606 Update Apache .htaccess for new access directives (Dylan Wagstaff)
  • 2019-09-19 e67ea14 Warn during dev/build if fluent extension is applied in too many, or the wrong places (Damian Mooyman)
  • 2019-09-19 3bdaffe Don't use unsecure cookies if session is secure (Damian Mooyman)
  • 2019-09-12 5b74459 Re-fix the Notification.REGISTERED/REMOVED translations (Garion Herman)
  • 2019-09-06 0348e5d fix(submitted-form): Pass member to parent calls (Marco (Valandur))
  • 2019-09-05 696fa1d fix(submitted-form): canCreate not checking parent (Marco (Valandur))
  • 2019-09-03 ec27b70 allow extending function by extension even if $page is null (Jules)
  • 2019-08-28 b996f05 AddElementPopoverComponent target on HoverBar wasn't matching an actual target. (Maxime Rainville)
  • 2019-08-28 1913ee5 Remove unused method from AddElementPopover (Maxime Rainville)
  • 2019-08-22 953b6d9 Make the HoverBar in-between block more visible (Maxime Rainville)
  • 2019-08-22 12deace Use SS_Object for PHP 7.2 compatibility (Robbie Averill)
  • 2019-08-20 0928fda DatedUpdateHolder should use aggregated columns for better MySQL version support (Guy Marriott)
  • 2019-08-20 a6002d5 Fix 'User help guide' link in Introduction section (benwrighton)
  • 2019-08-20 671e1b1 Ensure PHP 7.2+ compatibility (Guy Marriott)
  • 2019-08-15 a62539e Remove pagination on blocks so more than 100 blocks appear in editor (Guy Marriott)
  • 2019-08-15 09c94b8 Restore the statusbar to TinyMCE in blocks (and the drag handle with it) (Guy Marriott)
  • 2019-08-14 50c476c Reorder block actions (Maxime Rainville)
  • 2019-08-02 1946337 Fixed missing -> operator. (taoceanz)
  • 2019-07-31 5e9601b Unlock text from forcing horizontal scroll (Dylan Wagstaff)
  • 2019-07-29 9176406 Prevent undefined index notice when trying to determine HTTP… (#440) (Guy Marriott)
  • 2019-07-26 9a7cdbb Prevent undefined index notice when trying to determine HTTP_HOST during dev/build (Robbie Averill)
  • 2019-07-15 c0f0c99 CommentAdmin implements PermissionProvider (Jason Irish)
  • 2019-07-12 58f8980 Ensure constant is accessed correctly (Guy Marriott)
  • 2019-05-31 2eb04ff Improving support for cascading themes (Guy Marriott)
  • 2019-05-20 3142b35 #42: Remove excess RewriteCond and clean up comments to reflect current functionality. (Patrick Nelson)
  • 2019-05-08 0b39d8c Fix(mutex) make the mutex update check for finished or running jobs (Stephen McMahon)
  • 2019-05-08 8a7327b Fix travis dependencies (Aaron Carlino)
  • 2019-04-18 6cb26dc fixed confirmationField (setError is depreciated) (Makreig)
  • 2019-04-15 f63973f Disable uneeded File ID Helper on new project (Maxime Rainville)
  • 2019-03-18 398457e Column source checkbox now no longer has a left margin override - fixes checkbox indentation (Robbie Averill)
  • 2018-10-30 d1eae39 Use Configurable trait (James Ayers)

Other changes

  • 2019-12-17 1bb0b0f Update development dependencies (Garion Herman)
  • 2019-12-17 b7ef67c Update development dependencies (Garion Herman)
  • 2019-12-17 d9de0db Update development dependencies (Garion Herman)
  • 2019-12-17 9b837dd Update development dependencies (Garion Herman)
  • 2019-12-17 7b7a697 Update development dependencies (Garion Herman)
  • 2019-12-17 62ae41c Update development dependencies (Garion Herman)
  • 2019-12-17 3a010e2 Update development dependencies (Garion Herman)
  • 2019-12-17 6626989 Update development dependencies (Garion Herman)
  • 2019-12-17 2dc6819 Update development dependencies (Garion Herman)
  • 2019-12-17 58d289c Update development dependencies (Garion Herman)
  • 2019-12-17 f1dfdf8 Update development dependencies (Garion Herman)
  • 2019-12-17 674e1e3 Update development dependencies (Serge Latyntcev)
  • 2019-11-18 41ca970 Update development dependencies (Garion Herman)
  • 2019-11-18 bcd9a01 Update development dependencies (Garion Herman)
  • 2019-11-18 b4b8ff9 Update development dependencies (Garion Herman)
  • 2019-11-18 76b8fef Update development dependencies (Garion Herman)
  • 2019-11-18 3268dcc Update development dependencies (Garion Herman)
  • 2019-11-18 17cde56 Update development dependencies (Garion Herman)
  • 2019-11-18 1795aeb Update development dependencies (Garion Herman)
  • 2019-11-18 753eb0e Update development dependencies (Garion Herman)
  • 2019-11-18 2200cb3 Update development dependencies (Garion Herman)
  • 2019-11-18 d5b302c Update development dependencies (Garion Herman)
  • 2019-11-18 3116957 Update development dependencies (Garion Herman)
  • 2019-11-18 17e4726 Update development dependencies (Garion Herman)
  • 2019-11-18 e87107b Update development dependencies (Serge Latyntcev)
  • 2019-11-18 e1bedfd Update to CMS 4.5 (Garion Herman)
  • 2019-11-18 f5aa73b Update Travis config to Xenial (Garion Herman)
  • 2019-11-17 d0b6181 Update config for 3.3 / CMS 4.5 branches (Garion Herman)
  • 2019-11-15 3643275 Update travis for 4.3 (Serge Latyntcev)
  • 2019-11-15 cc2526a Update Composer / Travis configuration for Userforms 5.5 release (Garion Herman)
  • 2019-11-14 0ce38c0 Update Composer config to CMS 4.5 / CWP 2.5 series (Garion Herman)
  • 2019-11-14 c344179 Update Composer / Travis config to CMS 4.5 / CWP 2.5 series (Garion Herman)
  • 2019-11-14 d34486b Create 1.5 minor branch (Serge Latyntcev)
  • 2019-11-14 a7f6ce0 Update Composer / Travis config to CMS 4.5 series (Garion Herman)
  • 2019-11-14 635e205 Create 1.5 minor branch (Serge Latyntcev)
  • 2019-11-14 9430cb2 Update Composer / Travis config to CMS 4.5 series (Garion Herman)
  • 2019-11-14 5e1640b Create 1.5 minor branch (Serge Latyntcev)
  • 2019-11-14 fca6c31 Update Composer / Travis config to CMS 4.5 / CWP 2.5 series (Garion Herman)
  • 2019-11-14 186c872 Create 2.5 minor branch (Serge Latyntcev)
  • 2019-11-14 f101c75 Update Composer / Travis config to CMS 4.5 / CWP 2.5 series (Garion Herman)
  • 2019-11-14 2c08929 Create 1.5 minor branch (Serge Latyntcev)
  • 2019-11-14 e5d8980 Create 2.5 minor branch (Serge Latyntcev)
  • 2019-11-14 023109a Update Composer requirements to CMS 4.5 (Garion Herman)
  • 2019-11-14 c214a55 Update Travis config to test 2.5 series (Garion Herman)
  • 2019-11-14 58a4e04 Remove obsolete branch-alias (Serge Latyntcev)
  • 2019-11-14 8e3498d Remove obsolete branch-alias (Serge Latyntcev)
  • 2019-11-11 05c5cb6 Restore empty comments.css file (Maxime Rainville)
  • 2019-11-11 df6fa16 Upgrade dependencies (Maxime Rainville)
  • 2019-11-11 ae53b88 Upgrade dependencies (Maxime Rainville)
  • 2019-11-11 b92143a Upgrade dependencies (Maxime Rainville)
  • 2019-11-11 69395ea Add jQuery dependency (Maxime Rainville)
  • 2019-11-11 74be25c Removing superfluous legacy linting exclusion (Maxime Rainville)
  • 2019-11-11 ef241e2 Update composer.json for the major branch 2; patch travis configs (Serge Latyntcev)
  • 2019-11-10 85374a1 Upgrade dependencies and build settings (Maxime Rainville)
  • 2019-11-10 ceb82ea Update composer.json for the major branch 2 (Serge Latyntcev)
  • 2019-11-10 19a6b3f Patch composer.json for the major branch 2; update travis configs (Serge Latyntcev)
  • 2019-11-10 4349bd3 Patch up composer.json for the major branch 1 (Serge Latyntcev)
  • 2019-11-08 d1e8b51 Upgradeing dependencies (Maxime Rainville)
  • 2019-11-08 73ca615 Patch up the composer.json for the major branch 1 (Serge Latyntcev)
  • 2019-11-08 d51020a Upgrade dependencies (Maxime Rainville)
  • 2019-11-07 d0d5a03 Patch up the composer.json for the major branch 2 (Serge Latyntcev)
  • 2019-11-07 b49fb04 Patch up the composer.json for the major branch 2 (Serge Latyntcev)
  • 2019-11-07 81ac515 Upgrade JS dependencies and JS build setup (Maxime Rainville)
  • 2019-11-04 d567ae1 Bump sshpk from 1.13.1 to 1.16.1 (dependabot[bot])
  • 2019-11-03 ca507f6 Bump macaddress from 0.2.8 to 0.2.9 (dependabot[bot])
  • 2019-11-03 b207d74 Manual merge of https://github.com/tractorcow-farm/silverstripe-fluent/pull/564 (Damian Mooyman)
  • 2019-11-03 dd626c5 Bump merge from 1.2.0 to 1.2.1 (dependabot[bot])
  • 2019-11-01 483dd76 Upgrde dependencies (Maxime Rainville)
  • 2019-10-25 50a6032 Make sure ignored_classes are ignored (#742) (Guy Marriott)
  • 2019-10-25 7eee13f Make sure ignored_classes are ignored (Remy Vaartjes)
  • 2019-10-24 485f112 DOCS Update Adding blocks between blocks image and content (#741) (Guy Marriott)
  • 2019-10-24 ebe5b96 DOCS Update Adding blocks between blocks image and content (Sacha Judd)
  • 2019-10-18 ba5fb9d Bump mixin-deep from 1.3.1 to 1.3.2 (dependabot[bot])
  • 2019-10-15 b6da3ec composer.json for the branch 2.x-dev (Serge Latyntcev)
  • 2019-10-03 250e522 Bump mixin-deep from 1.3.1 to 1.3.2 (dependabot[bot])
  • 2019-10-03 d5b9a28 Update Installing.md (AdamSawoscianik)
  • 2019-09-30 a8e3f40 Add config to replace content field (#732) (Guy Marriott)
  • 2019-09-27 fad4b4c Update docs/en/05_Releases_and_changelogs/cwp_recipe_basic_1.9.3.md (Dylan Wagstaff)
  • 2019-09-27 9ba147a Update the 1.9.3 release docs re: MFA again (Dylan Wagstaff)
  • 2019-09-26 2039b93 1.9.3 release notes tweaks per review (Dylan Wagstaff)
  • 2019-09-26 30a5de7 Update 1.9.3 changelog with MFA installation instructions (Dylan Wagstaff)
  • 2019-09-24 1e71b7a Update TravisCI config for old dist so builds will pass (Dylan Wagstaff)
  • 2019-09-19 c7d4745 DOCS Describe how to mutate state programatically (Damian Mooyman)
  • 2019-09-19 a2f060b Update support log for recent 1.9.3 release (Dylan Wagstaff)
  • 2019-09-18 24ac3a9 DOCS add post-2020 note to changlog index (brynwhyman)
  • 2019-09-12 eedb534 Amended release list to reflect 2.4.0 tracking 4.4.3 (Garion Herman)
  • 2019-09-12 602de88 DOC Temporarily revert 2.4.0 release (Garion Herman)
  • 2019-09-12 263d71f Re-build client files with new translations (Garion Herman)
  • 2019-09-09 76c3576 Update travis yaml 'dist:' version (Dylan Wagstaff)
  • 2019-09-03 cd7dd78 Add configuration to allow not replacing the 'Content' field to enable backwards compatibility with older content blocks modules. (Charlie Bergthaler)
  • 2019-09-03 51da698 set to null if is not present and allow extending at this point (#731) (Guy Marriott)
  • 2019-09-03 384a01e DOCS correct 1.9 release description (Bryn Whyman)
  • 2019-09-02 aa860e3 Remove installer public files (Aaron Carlino)
  • 2019-08-30 47de7ef Set the number of rows config in HTMLEditor field (Ishan Jayamanne)
  • 2019-08-29 28ec057 Bump mixin-deep from 1.3.1 to 1.3.2 (dependabot[bot])
  • 2019-08-29 a2918f6 Bump mixin-deep from 1.3.1 to 1.3.2 (dependabot[bot])
  • 2019-08-27 ce72d57 Answer PR feedback (Maxime Rainville)
  • 2019-08-26 f9e2992 Doc type of cssPrefix argument (Maxime Rainville)
  • 2019-08-26 0160e43 Bring back element-editor top class wrapper (Maxime Rainville)
  • 2019-08-22 ccbcc3b Remove invalid PHP 7.2 statement (Guy Marriott)
  • 2019-08-22 8d2367d Update index.md with more appropriate CWP 1.9.2 description (Guy Marriott)
  • 2019-08-19 3e2b5ae DOCS Update incorrecty 1.9.2 reference (Guy Marriott)
  • 2019-08-15 1108756 Alias 2.x-dev as 2.5.x-dev (Robbie Averill)
  • 2019-08-15 05814bd Increase memory limit to 2G in Travis (Robbie Averill)
  • 2019-08-15 9ef88c6 Increase SilverStripe to 4.5.x (Robbie Averill)
  • 2019-08-15 50e24a4 Use trusty distro in Travis builds (Robbie Averill)
  • 2019-08-15 5b23043 Use trusty distro in Travis builds and update tested SilverStripe versions (Robbie Averill)
  • 2019-08-15 99f8643 Update root version in Travis (Robbie Averill)
  • 2019-08-15 4426374 Use trusty distro in Travis builds and update tested SilverStripe versions (Robbie Averill)
  • 2019-08-15 f8edb71 Use trusty distro in Travis builds and update tested SilverStripe versions (Robbie Averill)
  • 2019-08-15 4be2e24 Update dependencies for SilverStripe 4.5 (Robbie Averill)
  • 2019-08-15 9382688 Update SilverStripe to 4.5 (Robbie Averill)
  • 2019-08-04 76cb1d8 Use trusty distro in Travis builds (Robbie Averill)
  • 2019-08-04 be55c0d Use trusty distro in Travis builds (Robbie Averill)
  • 2019-08-02 02def5f DOCS Searching blocks (Ingo Schommer)
  • 2019-08-02 8805e73 Use trusty distro in Travis builds (Robbie Averill)
  • 2019-07-29 09abe2b Use Director::host() over direct $_SERVER access (Robbie Averill)
  • 2019-07-22 b0653f4 Update Travis matrix (Robbie Averill)
  • 2019-07-22 aa580ab Update phpunit (Robbie Averill)
  • 2019-07-22 6715ed2 DOCS Add troubleshooting section for Page and PageController parent classes (Robbie Averill)
  • 2019-07-16 75bec8c Enable better button functionality (#897) (Guy Marriott)
  • 2019-07-15 8703ace validate that a classname had been set (Bram de Leeuw)
  • 2019-07-12 e80795b Add a comment for clarity (Bram de Leeuw)
  • 2019-07-08 d489271 Disable add action in Submissions detail form (Remy Vaartjes)
  • 2019-07-08 f682e74 Enable 4.4 better button functionality (Remy Vaartjes)
  • 2019-07-07 0ba849e Docs and extendable config (#32) (Guy Marriott)
  • 2019-07-05 86de04f More docs (Ingo Schommer)
  • 2019-07-05 67e1b3b Moving theme config to YAML (Ingo Schommer)
  • 2019-07-05 9e5e7ba DOCS add reference to 2.3.1 release (Bryn Whyman)
  • 2019-07-02 cad9369 Add legacy YAML for upgrading (Will Rossiter)
  • 2019-07-01 c152c03 DOCS Clarify public/.htaccess (Ingo Schommer)
  • 2019-06-28 45b3bc5 Change casing in cURL (Robbie Averill)
  • 2019-06-28 65a207e Add note on allow_url_fopen / fopen / file_get_contents (madmatt)
  • 2019-06-27 0114ea4 Remove SilverStripe 4.0-4.2 from Travis builds (Robbie Averill)
  • 2019-06-25 7d27abf Update expected json content type in unit test (Robbie Averill)
  • 2019-06-14 2d0d949 Update @silverstripe/webpack-config to patch vulnerable deps (Garion Herman)
  • 2019-06-14 14675b5 Add NVM config (Garion Herman)
  • 2019-06-12 7014605 Form submission now triggers an event (Adrian Humphreys)
  • 2019-06-05 69690b7 Log severity in queue messages (Ingo Schommer)
  • 2019-05-31 9feef18 Adding documentation about cascading themes (Guy Marriott)
  • 2019-05-27 b7b5624 Remove use of deprecated DB::getConn() and run import optimisation (Robbie Averill)
  • 2019-05-23 9926d7b Update minimum PHP version to 7.1 in Travis (Robbie Averill)
  • 2019-05-23 29320ff Update minimum PHP version to 7.1 in Travis (Robbie Averill)
  • 2019-05-16 8284562 comments extension filters on Parent Class (Heath Dunlop)
  • 2019-05-09 6c15ea4 Update translations (Robbie Averill)
  • 2019-05-08 83a05e2 Remove cms travis dependency (Aaron Carlino)
  • 2019-04-21 374dd63 Bump core constraints to 4.5.x-dev (Robbie Averill)
  • 2019-04-21 c19845e Bump core constraints to 4.5.x-dev (Robbie Averill)
  • 2019-04-15 812a530 Update composer root version in Travis builds (Robbie Averill)
  • 2018-11-07 78b82ec Bump postgres version in Travis configuration to 2.1.x (Robbie Averill)
  • 2018-11-07 b769051 Update path to global composer bin (Robbie Averill)
  • 2018-10-25 36c5536 Change config method & default timeout to null to disable. (James Ayers)
  • 2018-10-24 a29eb83 Update Process timeout via Config (James Ayers)
  • 2018-10-16 9736b26 Update config.yml (Hayden Shaw)
  • 2018-07-30 30b0692 Update README.md (Guy Marriott)
  • 2018-06-15 c3816de Add supported module badge to readme (Dylan Wagstaff)
  • 2018-06-15 6f3cf36 Add supported module badge to readme (Dylan Wagstaff)
  • 2018-06-15 a3ec10c Add supported module badge to readme (Dylan Wagstaff)
  • 2018-06-15 34e281d Add supported module badge to readme (Dylan Wagstaff)
  • 2018-06-15 ac2e699 Add supported module badge to readme (Dylan Wagstaff)
  • 2018-06-15 806f44f Add supported module badge to readme (Dylan Wagstaff)

Was this article helpful?