This upgrade includes CMS and Framework version 3.5.3 which includes bugfixes and some minor feature and API enhancements.

Upgrade to Recipe 1.5.2 is optional, but is recommended for all CWP sites.

This upgrade can be carried out by any development team familiar with SilverStripe CMS, but if you would like SilverStripe's assistance, please let us know.

Details of security issues

This release includes a fix for the following minor security issue:

Upgrading Instructions

In order to update an existing site to use the new basic recipe the following changes to your composer.json can be made:

"require": {
    "cwp/cwp-recipe-basic": "~1.5.2@stable",
    "cwp/cwp-recipe-blog": "~1.5.2@stable",
    "cwp-themes/default": "~1.3.0@stable"
"prefer-stable": true



  • [CWP-825] - Fixes exporting BrokenLinksReport missing columns.

Accepted failing tests

In recipe 1.4.1 these module unit tests cause external errors, but do not represent legitimate issues.


  • UploadFieldTest.testAllowedExtensions — Behaviour intentionally altered by the MimeValidator module
  • UploadFieldTest.testSelect — Behaviour altered by SelectUploadField intentionally
  • UploadTest.testUploadTarGzFileTwiceAppendsNumber — This test is now expected to fail as the new MimeValidator module will no longer allow random content to be uploaded with a mismatched mime and file extension. The original test is attempting to upload a bunch of text as a gzip file.


  • QueuedJobsTest.testImmediateQueuedJob - Test self-aborts when detecting lack of available system resources (inconclusive).
  • QueuedJobsTest.testStartJob - Test self-aborts when detecting lack of available system resources (inconclusive).


Change Log


  • 2017-01-13 c6c6c13 Unescaped title attribute in LeftAndMain_TreeNode::forTemplate (Daniel Hensby) - See ss-2017-001


  • 2017-02-09 59cc516 docs reference to incorrect framework version on release 1.5.2 (Brett Tasker)
  • 2017-02-08 1f3d46b #6606 the JS SiteTree lib depends on whitespace (Daniel Hensby)
  • 2017-02-08 d313fe6 Fix issue with VersionedFiles crashing mid-folder-rename due to outdated has_one cache (Damian Mooyman)
  • 2017-02-08 06f224c Fix sql group error in mysql 5.7 (Damian Mooyman)
  • 2017-02-07 4072408 (QueuedJobService) Broken job status set Wait (Marcus Nyeholt)
  • 2017-01-31 e302c4e Fixed ambiguous column crash caused when publishing a versioned object if the query is joined against another table (UndefinedOffset)
  • 2017-01-31 e9880ca ing travis setup (Daniel Hensby)
  • 2017-01-30 10d9f90 to allow ASSETS_DIR to be a subdirectory (Brendan Halley)
  • 2017-01-24 2f710d6 Improve publish performance for formfields (#538) (Daniel Hensby)
  • 2017-01-24 c640ade ed iframe postmessage breaking non-string messages (Ruud Arentsen)
  • 2017-01-16 17d123a Ensure correct regeneration of ConfigManifest if only one of the cache files is missing (Stephan Bauer)
  • 2017-01-14 1f1fffe Ensure correct regeneration of ConfigManifest if only one of the cache files is missing (fixes #6467) (Stephan Bauer)
  • 2017-01-10 5bba726 Dont attempt to iterate over null in SiteTree::allowedChildren (Daniel Hensby)
  • 2016-12-21 f314b86 Temp disable shortcode SPLIT behaviour due to crash (#6436) (Damian Mooyman)
  • 2016-12-21 ffdb99e Temp disable shortcode SPLIT behaviour due to crash (#6436) (Damian Mooyman)
  • 2016-12-18 222ee6b ed a pagination bug (PingMetal)
  • 2016-12-16 c007e85 Suppress HtmlEditorField casting (Damian Mooyman)
  • 2016-12-13 964827f Update docs to reference changes in cwp/cwp-corephp -i | grep pthre (Matt Peel)
  • 2016-12-08 5248be9 Handle fields with square brackets (Daniel Hensby)
  • 2016-12-06 3fca7b3 hard-coded boolean in CsvBulkLoader (Colin Tucker)
  • 2016-12-05 2181e3b Fix localisation issues (Damian Mooyman)
  • 2016-12-05 224b2a4 Fix localisation issues in CMS (Damian Mooyman)
  • 2016-12-02 465c072 Regression where pages would be indexed under all subsites (Daniel Hensby)
  • 2016-11-29 9ec1d35 Fix behat tests unable to capture HTML editor fields (Damian Mooyman)
  • 2016-11-24 a4760b8 Fixed issue where a shortcode's location would not get set to split when using the class leftAlone (UndefinedOffset)
  • 2016-11-23 03b4e6e Tests shouldnt set date or time format to null (Daniel Hensby)
  • 2016-11-22 b2503ac content authors unable to duplicate top-level pages (fixes #1685) (Loz Calver)
  • 2016-11-21 682e607 Correct response code generated from error pages (Damian Mooyman)
  • 2016-11-04 dd9ade4 UploadField incorrectly setting max upload size (Daniel Hensby)
  • 2015-05-13 ed6114a Fix incorrect extension variable (Damian Mooyman)
  • 2015-04-01 54599b9 Fixed issue where Widget::CMSEditor() can't see the enabled checkbox (UndefinedOffset)

Was this article helpful?