This release includes the following Silverstripe CMS Recipe releases:

Upgrading to Recipe 2.7.1 is recommended for all CWP sites. This upgrade can be carried out by any development team familiar with the Silverstripe CMS. However, if you would like Silverstripe and the CWP team's assistance, you can request support via the Service Desk.

Security considerations

This release includes security fixes. Please see the release announcements for more detailed descriptions of each but note that the following issues may have modified CVSS Environmental scores which take built-in protections from the CWP platform into account. We highly encourage upgrading CWP projects to include latest security patches nonetheless.

We have provided a high-level severity rating of the vulnerabilities below based on the CVSS score, however please note this could vary based on the specifics of each project. You can read the severity rating definitions in the Silverstripe CMS release process.

Notable bugfixes

Elemental Popover bugs

A series of bugs affected the Elemental popover used to add blocks to an elemental area. Fixes have been developed to control the width of the popover and make sure only one popover is open at a time.

Toast notifications initialisation

In some context, the CMS would try to display a toast notification prior to being initialised. This would crash the CMS UI.

Systematically disable HTTP caching on all MFA request

In some context, the login screen would cache the MFA challenge, preventing the user from entering their MFA code.

Upgrading instructions

In order to update an existing site to use the new CWP recipe the following changes to your composer.json can be made:

"require": {
    "cwp/cwp-recipe-core": "2.7.1@stable",
    "cwp/cwp-recipe-cms": "2.7.1@stable",
    "silverstripe/recipe-blog": "1.7.1@stable",
    "silverstripe/recipe-form-building": "1.7.1@stable",
    "silverstripe/recipe-authoring-tools": "1.7.1@stable",
    "silverstripe/recipe-collaboration": "1.7.1@stable",
    "silverstripe/recipe-reporting-tools": "1.7.1@stable",
    "cwp/cwp-recipe-search": "2.7.1@stable",
    "silverstripe/recipe-services": "1.7.1@stable",
    "tractorcow/silverstripe-fluent": "4.5.1@stable",
    "silverstripe/registry": "2.2.1@stable",
    "cwp/starter-theme": "3.1.0@stable"
"prefer-stable": true

Change Log


  • symbiote/silverstripe-queuedjobs (4.6.2 -> 4.6.4)
    • 2021-01-04 4c8aa39 [CVE-2021-27938] Prevent echoing request variable (Steve Boyd)

Features and Enhancements

  • cwp/cwp-core (2.7.0 -> 2.7.1)

    • 2021-01-14 6c45d74 Remove title attributes from links (#93) (Mark Anthony Adriano)
  • silverstripe/userforms (5.8.1 -> 5.8.3)

    • 2021-03-04 b3ee7f4 Use yarn and webpack to upgrade jquery (Steve Boyd)
    • 2021-01-17 e7f51d2 Move jQuery include away from CDN (#1019) (Dylan Wagstaff)


  • silverstripe/userforms (5.8.1 -> 5.8.3)

    • 2021-01-17 c0a30f1 unrequire fields when they become dataless (#1016) (Dylan Wagstaff)
    • 2021-01-17 a427296 account for owner class while removing orphans (#1018) (Dylan Wagstaff)
  • silverstripe/sharedraftcontent (2.3.4 -> 2.3.5)

    • 2020-11-10 42f2912 Quote yml, use shared travis config, use sminnee/phpunit (Steve Boyd)
  • silverstripe/externallinks (2.1.0 -> 2.1.1)

    • 2021-02-03 b4c210f Exclude links attached to archived Pages from report (#72) (Garion Herman)
  • silverstripe/versionfeed (2.0.2 -> 2.0.3)

    • 2020-11-09 5cc58a1 Quote yml, use shared travis config, sminnee/phpunit (Steve Boyd)
  • silverstripe/mfa (4.2.0 -> 4.2.2)

    • 2021-02-02 b1f48d5 Disable HTTP caching on all relevant MFA API endpoints (Garion Herman)
    • 2021-01-26 972d840 Explicitly disable browser cache on verification response (Steve Boyd)
    • 2021-01-18 732f6b9 PHPUnit test compatibility with PHP8 (#418) (Steve Boyd)
  • silverstripe/totp-authenticator (4.1.0 -> 4.1.1)

    • 2021-01-20 9b5c4fc Improve authentication layout in IE 11 (Garion Herman)


  • cwp/cwp (2.7.0 -> 2.7.1)
    • 2021-01-12 9e5faae Add notes about default collation change in 2.7.0 (Garion Herman)

Other changes

  • cwp/cwp (2.7.0 -> 2.7.1)

    • 2020-11-18 9f2021a Move translation commits to other changes section (Steve Boyd)
  • silverstripe/elemental-fileblock (2.1.1 -> 2.1.2)

    • 2021-01-02 03bb0b2 Revert translation (Steve Boyd)
  • silverstripe/elemental-bannerblock (2.2.0 -> 2.2.1)

    • 2021-01-19 1ccc520 Require minimum recipe of 4.7.x-dev (Steve Boyd)
    • 2021-01-02 147d7e5 Revert translation (Steve Boyd)

Was this article helpful?