_Important: Please use CWP 1.6.2 instead._

Change Log

Security

  • 2019-01-10 c44f06cdf Patch SQL Injection vulnerability when arrays are assigned to DataObject Fields (Aaron Carlino) - See ss-2018-021
  • 2018-12-06 bbd1a51 Adjust MultiValueField to work with the new scalarValueOnly method (Maxime Rainville) - See ss-2018-021
  • 2018-09-26 598edd913 Add confirmation token to dev/build (Loz Calver) - See ss-2018-019
  • 2018-05-08 19fdebfa2 Remove dotm, potm, jar, css, js, xltm from default File.allowed_extensions (Robbie Averill) - See ss-2018-014
  • 2018-04-11 577138882 Restrict non-admins from being assigned to admin groups (Damian Mooyman) - See ss-2018-001
  • 2017-11-30 6ba00e829 Prevent disclosure of sensitive information via LoginAttempt (Damian Mooyman) - See ss-2017-009
  • 2017-11-30 db54112f3 Fix user agent invalidation on session startup (Damian Mooyman) - See ss-2017-006
  • 2017-11-29 22ccf3e2f Ensure xls formulae are safely sanitised on output (Damian Mooyman) - See ss-2017-007
  • 2017-11-21 0f2049d4d Fix SQL injection in search engine (Daniel Hensby) - See ss-2017-008
  • 2017-09-04 f0262a8fd User enumeration via timing attack mitigated (Daniel Hensby) - See ss-2017-005
  • 2017-05-25 25b77a2ff SVG uploads disabled by default (Daniel Hensby) - See ss-2017-017

Features and Enhancements

  • 2017-08-24 fdd501182 Ability to override SS_TemplateManifest via Injector (fixes #7305) (Patrick Nelson)

Bugfixes

  • 2019-01-23 746c0679a Injector may instantiate prototypes as if they're singletons (fixes #8567) (Loz Calver)
  • 2018-11-15 86701b8cd Redirect loop with multiple URL tokens (fixes #8607) (Loz Calver)
  • 2018-06-04 41e601a03 Regression from #8009 (Daniel Hensby)
  • 2018-06-01 ce1db58 Fix broken link (#92) (Raissa North)
  • 2018-06-01 1012ccb Fix broken link (Raissa North)
  • 2018-06-01 af89140 Fix broken link in developer docs (#91) (Raissa North)
  • 2018-06-01 60a98be Fix broken links in developer docs (Raissa North)
  • 2018-05-29 1cbf27e0f PHP 5.3 compat for referencing $this in closure, and make method public for same reason (Robbie Averill)
  • 2018-05-18 c7ab8df Fix broken links (Raissa North)
  • 2018-04-22 dca8ae5 fix regex issue in performance docs (Tomas Cantwell)
  • 2018-04-17 af3a9f3ec Duplicating many_many relationships looses the extra fields (fixes #7973) (UndefinedOffset)
  • 2018-03-15 d17d93f7 Remove SearchForm results() function from allowed_actions (Steve Dixon)
  • 2018-02-16 86addea1d Split HTML manipulation to onadd, so elements are not accidentally duplicated (Christopher Joe)
  • 2018-02-13 c767e472d DataObject singleton creation (Jonathon Menz)
  • 2018-01-26 416915b08 tableName is blank in CompositeDBField->addToQuery (Dominik Beerbohm)
  • 2018-01-25 cf69d0486 Fix ping including requirements (Damian Mooyman)
  • 2018-01-24 c2cd6b383 Fix Member_GroupSet::removeAll() (fixes #3948) (Loz Calver)
  • 2018-01-24 f2b4c192e Fix UploadField cuts off “Save” button (closes #2862) (Loz Calver)
  • 2018-01-23 7384e3fc2 Gridfields with dropdowns having lots of overflow (Scott Hutchinson)
  • 2018-01-09 2ef4a2d4e , adding a missing return statement. (Nathan)
  • 2017-12-21 44930f211 Allow HTML 5 input tags in FunctionalTest form submissions (Daniel Hensby)
  • 2017-12-14 81150c592 Use PHP 5.3 array syntax (Daniel Hensby)
  • 2017-12-05 8477de15 Remove unused Behat tests from 3.6 branch (Robbie Averill)
  • 2017-11-30 84d7afb34 Use baseDataClass for allVersions as with other methods (Daniel Hensby)
  • 2017-11-24 09a003bc1 Fix deprecated usage of getMock in unit tests (Daniel Hensby)
  • 2017-11-23 2ad3cc07d Update meber passwordencryption to default on password change (Daniel Hensby)
  • 2017-11-22 ef6d86f2c Allow lowercase and uppercase delcaration of legacy Int class (Daniel Hensby)
  • 2017-11-22 ec8ad45 fix: added missing image for private modules (Tomas Cantwell)
  • 2017-11-16 dda14e895 Fix HTTP::get_mime_type with uppercase filenames. (Roman Schmid)
  • 2017-11-16 52f0eadd3 for #7606: Ensure the object we're handling is actually an Image instance before calling methods specific to that class (e.g. in case of using SVG's in <img> tag which may be File instances). (Patrick Nelson)
  • 2017-11-15 ce3fd370f ManyMany link table joined with LEFT JOIN (Daniel Hensby)
  • 2017-11-09 1053de7ec Don't redirect in force_redirect() in CLI (Damian Mooyman)
  • 2017-10-25 cbac37559 Helpful warning when phpunit bootstrap appears misconfigured (Daniel Hensby)
  • 2017-10-25 32cef975e Use self::inst() for Injector/Config nest methods (Daniel Hensby)
  • 2017-10-19 a73d5b41 revert to this button after archiving (Christopher Joe)
  • 2017-10-12 fd39faee UploadField overwriteWarning isn't working in AssetAdmin (Jason)
  • 2017-10-09 264cec123 Dont use var_export for cache key generation as it fails on circular references (Daniel Hensby)
  • 2017-10-04 24e190ea Fix: TreeDropdownField showing broken page icons (fixes silverstripe/silverstripe-framework#7420) (Loz Calver)
  • 2017-09-28 378c7fa Return self for setValue (Daniel Hensby)
  • 2017-09-26 ebe1de8d8 Fix ArrayList sort error with old (supported) PHP (Dylan Wagstaff)
  • 2017-09-12 0aac4ddb Default LoginForm generated from default_authenticator (Daniel Hensby)
  • 2017-09-12 091d99f59 Authenticators are more resilient to incomplete configuration (Daniel Hensby)
  • 2017-08-28 7b200a2a6 Fix add combinedFiles to clear logic (Christopher Joe)
  • 2017-08-16 eb80a5f9e LastEdited no longer updated on skipped writes (Daniel Hensby)
  • 2017-08-14 b04a1ab41 Fix Truncate Error Issue when using views in a Unittest. (James Pluck)
  • 2017-08-13 2f579b64c Files without extensions (folders) do not have a trailing period added (Robbie Averill)
  • 2017-08-06 59b28f7d5 Fixes #7181 to config system for userland config of node display limits. (Russell Michell)
  • 2017-07-26 31c5eebda Avoid JS errors for HTMLEditorFields in small holders (Daniel Hensby)
  • 2017-07-26 82c0632f4 Fix: Use Config API for MemberAuthenticator::$migrate_legacy_hashes (fixes #7208) (Loz Calver)
  • 2017-07-19 292aaf653 Cache IDs grouped by site first (Daniel Hensby)
  • 2017-07-18 b77274c1a Add unique prefix to cache stores to prevent cache leak (Daniel Hensby)
  • 2017-07-17 515a7cb5 Make sure VirtualPage renders correct templates (Daniel Hensby)
  • 2017-07-10 960a0f834 Fix: Make File::ini2bytes() compliant with binary prefixes (fixes #7145) (Loz Calver)
  • 2017-07-09 8f2aaf5 Fixed link formats in performance guide docs (Ingo Schommer)
  • 2017-07-06 a6db16b22 Fix OS X issue with Convert::html2raw, HTMLText::FirstSentence, HTMLText::Summary and Text::FirstSentence. (Roman Schmid)
  • 2017-07-06 a8860d9 Fix formatting errors (Glen Peek)
  • 2017-07-06 3572328 Fix getBaseStyles examples (Glen Peek)
  • 2017-07-04 00f1ad5d6 Fixes #7116 Improves server requirements docs viz: OpCaches. (Russell Michell)
  • 2017-06-29 79a7b1016 add missing $rootCall param from LeftAndMain (Daniel Hensby)
  • 2017-06-20 e2116a70e Text colour in GridField filter headers for dropdown fields (Robbie Averill)
  • 2017-06-14 b33a16a Fix ADFS docs to account for DR instances (John)
  • 2017-06-14 2afe018dc Ensure HasManyList foreign ID filter includes table name (fixes #7023) (Loz Calver)
  • 2017-06-14 1073eca2f Bugfix: Complex (curly) syntax (Marcz Hermo)
  • 2017-06-14 fd57bd910 Update help link from 3.5 to 3.6 (Robbie Averill)
  • 2017-06-12 53c84d93d Fix changetracker checkbox bugs (Brian Cairns)
  • 2017-06-12 f0c00bfb7 Fixing language typo in docs (3Dgoo)
  • 2017-06-12 a5c84b12a Order of conditionals for getting default admin (Daniel Hensby)
  • 2017-06-06 4ad2cae86 Upload_Validator failed to fetch max size from PHP ini values (fixes #6999) (Loz Calver)
  • 2017-06-05 5f5bfa5e7 Fix create temp folder if it does not exist (Christopher Joe)
  • 2017-06-02 a52ed03b4 Upgrade old style constructors that were missed (Daniel Hensby)
  • 2017-06-02 4b9d5dceb Fix tinymce image selection issue in newer versions of Chrome (Christopher Joe)
  • 2017-05-29 b4368196d Use plural name for ModelAdmin tab name (Robbie Averill)
  • 2017-05-09 3dd303679 Ensure GridState_Component is added to GridField config even if we set config with GridField::setConfig (Klemen Dolinsek)
  • 2016-10-21 8e5bb6fbd Fix : relObject() should return null if one of the node is null (Jason)
  • 2016-08-15 0fbe9c7 fix formatting (Jake Ovenden)
  • 2016-08-04 2fa550e fix typo (Jake Ovenden)
  • 2016-03-20 805c38f10 don't try and switch out of context of the tab system (Stevie Mayhew)
  • 2016-03-15 22b3a71ec fixing val reference to url in https hotlink (Denise Rivera)
  • 2015-04-22 1f63637b9 for #4095, TinyMCE not able to modify props of embed media (bug 1) and invalid HTML inserted (bug 2) (Patrick Nelson)

Was this article helpful?