Change Log

Security

  • 2019-01-10 c44f06cdf Patch SQL Injection vulnerability when arrays are assigned to DataObject Fields (Aaron Carlino) - See ss-2018-021
  • 2018-12-06 a2a207f Adjust MultiValueField to work with the new scalarValueOnly method (Maxime Rainville) - See ss-2018-021
  • 2018-09-26 598edd913 Add confirmation token to dev/build (Loz Calver) - See ss-2018-019
  • 2018-05-08 19fdebfa2 Remove dotm, potm, jar, css, js, xltm from default File.allowed_extensions (Robbie Averill) - See ss-2018-014
  • 2018-04-11 577138882 Restrict non-admins from being assigned to admin groups (Damian Mooyman) - See ss-2018-001
  • 2017-11-30 6ba00e829 Prevent disclosure of sensitive information via LoginAttempt (Damian Mooyman) - See ss-2017-009
  • 2017-11-30 db54112f3 Fix user agent invalidation on session startup (Damian Mooyman) - See ss-2017-006
  • 2017-11-29 22ccf3e2f Ensure xls formulae are safely sanitised on output (Damian Mooyman) - See ss-2017-007
  • 2017-11-21 0f2049d4d Fix SQL injection in search engine (Daniel Hensby) - See ss-2017-008
  • 2017-09-04 f0262a8fd User enumeration via timing attack mitigated (Daniel Hensby) - See ss-2017-005

Features and Enhancements

  • 2017-08-24 fdd501182 Ability to override SS_TemplateManifest via Injector (fixes #7305) (Patrick Nelson)

Bugfixes

  • 2019-01-23 746c0679a Injector may instantiate prototypes as if they're singletons (fixes #8567) (Loz Calver)
  • 2018-11-15 86701b8cd Redirect loop with multiple URL tokens (fixes #8607) (Loz Calver)
  • 2018-06-04 41e601a03 Regression from #8009 (Daniel Hensby)
  • 2018-06-01 5b47edc Fix broken links (#94) (Raissa North)
  • 2018-06-01 ce1db58 Fix broken link (#92) (Raissa North)
  • 2018-06-01 1012ccb Fix broken link (Raissa North)
  • 2018-06-01 af89140 Fix broken link in developer docs (#91) (Raissa North)
  • 2018-06-01 60a98be Fix broken links in developer docs (Raissa North)
  • 2018-05-29 1cbf27e0f PHP 5.3 compat for referencing $this in closure, and make method public for same reason (Robbie Averill)
  • 2018-05-18 c7ab8df Fix broken links (Raissa North)
  • 2018-04-23 838ce23 fix regex in performance guide htaccess rules (Tomas Cantwell)
  • 2018-04-22 dca8ae5 fix regex issue in performance docs (Tomas Cantwell)
  • 2018-04-17 af3a9f3ec Duplicating many_many relationships looses the extra fields (fixes #7973) (UndefinedOffset)
  • 2018-03-15 d17d93f7 Remove SearchForm results() function from allowed_actions (Steve Dixon)
  • 2018-02-16 86addea1d Split HTML manipulation to onadd, so elements are not accidentally duplicated (Christopher Joe)
  • 2018-02-13 c767e472d DataObject singleton creation (Jonathon Menz)
  • 2018-01-26 416915b08 tableName is blank in CompositeDBField->addToQuery (Dominik Beerbohm)
  • 2018-01-25 cf69d0486 Fix ping including requirements (Damian Mooyman)
  • 2018-01-24 c2cd6b383 Fix Member_GroupSet::removeAll() (fixes #3948) (Loz Calver)
  • 2018-01-24 f2b4c192e Fix UploadField cuts off “Save” button (closes #2862) (Loz Calver)
  • 2018-01-23 7384e3fc2 Gridfields with dropdowns having lots of overflow (Scott Hutchinson)
  • 2018-01-09 2ef4a2d4e , adding a missing return statement. (Nathan)
  • 2017-12-21 44930f211 Allow HTML 5 input tags in FunctionalTest form submissions (Daniel Hensby)
  • 2017-12-14 81150c592 Use PHP 5.3 array syntax (Daniel Hensby)
  • 2017-12-12 91dedf6 fix(MultiValueField) Better support for 3.5+ which uses the 'value' field in attributes exclusively (Marcus Nyeholt)
  • 2017-12-12 0d9ed71 fix(multivaluefield.css) Revert previous display inline block which breaks the field in the CMS (Marcus Nyeholt)
  • 2017-12-12 9256ddb fix(MultiValueField) solves issue 51 (not tagging it because it's not fixed in master yet) (Marcus Nyeholt)
  • 2017-12-05 8477de15 Remove unused Behat tests from 3.6 branch (Robbie Averill)
  • 2017-11-30 84d7afb34 Use baseDataClass for allVersions as with other methods (Daniel Hensby)
  • 2017-11-24 09a003bc1 Fix deprecated usage of getMock in unit tests (Daniel Hensby)
  • 2017-11-23 2ad3cc07d Update meber passwordencryption to default on password change (Daniel Hensby)
  • 2017-11-22 ef6d86f2c Allow lowercase and uppercase delcaration of legacy Int class (Daniel Hensby)
  • 2017-11-22 ec8ad45 fix: added missing image for private modules (Tomas Cantwell)
  • 2017-11-16 dda14e895 Fix HTTP::get_mime_type with uppercase filenames. (Roman Schmid)
  • 2017-11-16 52f0eadd3 for #7606: Ensure the object we're handling is actually an Image instance before calling methods specific to that class (e.g. in case of using SVG's in <img> tag which may be File instances). (Patrick Nelson)
  • 2017-11-15 ce3fd370f ManyMany link table joined with LEFT JOIN (Daniel Hensby)
  • 2017-11-09 1053de7ec Don't redirect in force_redirect() in CLI (Damian Mooyman)
  • 2017-10-25 cbac37559 Helpful warning when phpunit bootstrap appears misconfigured (Daniel Hensby)
  • 2017-10-25 32cef975e Use self::inst() for Injector/Config nest methods (Daniel Hensby)
  • 2017-10-19 a73d5b41 revert to this button after archiving (Christopher Joe)
  • 2017-10-12 fd39faee UploadField overwriteWarning isn't working in AssetAdmin (Jason)
  • 2017-10-09 264cec123 Dont use var_export for cache key generation as it fails on circular references (Daniel Hensby)
  • 2017-10-04 24e190ea Fix: TreeDropdownField showing broken page icons (fixes silverstripe/silverstripe-framework#7420) (Loz Calver)
  • 2017-09-28 378c7fa Return self for setValue (Daniel Hensby)
  • 2017-09-26 ebe1de8d8 Fix ArrayList sort error with old (supported) PHP (Dylan Wagstaff)
  • 2017-09-12 0aac4ddb Default LoginForm generated from default_authenticator (Daniel Hensby)
  • 2017-09-12 091d99f59 Authenticators are more resilient to incomplete configuration (Daniel Hensby)
  • 2017-08-28 7b200a2a6 Fix add combinedFiles to clear logic (Christopher Joe)
  • 2017-08-16 eb80a5f9e LastEdited no longer updated on skipped writes (Daniel Hensby)
  • 2017-08-14 b04a1ab41 Fix Truncate Error Issue when using views in a Unittest. (James Pluck)
  • 2017-08-13 2f579b64c Files without extensions (folders) do not have a trailing period added (Robbie Averill)
  • 2017-08-06 59b28f7d5 Fixes #7181 to config system for userland config of node display limits. (Russell Michell)
  • 2017-07-26 31c5eebda Avoid JS errors for HTMLEditorFields in small holders (Daniel Hensby)
  • 2017-07-26 82c0632f4 Fix: Use Config API for MemberAuthenticator::$migrate_legacy_hashes (fixes #7208) (Loz Calver)
  • 2017-07-19 292aaf653 Cache IDs grouped by site first (Daniel Hensby)
  • 2017-07-18 b77274c1a Add unique prefix to cache stores to prevent cache leak (Daniel Hensby)
  • 2017-07-17 515a7cb5 Make sure VirtualPage renders correct templates (Daniel Hensby)
  • 2017-07-10 960a0f834 Fix: Make File::ini2bytes() compliant with binary prefixes (fixes #7145) (Loz Calver)
  • 2017-07-06 a6db16b22 Fix OS X issue with Convert::html2raw, HTMLText::FirstSentence, HTMLText::Summary and Text::FirstSentence. (Roman Schmid)
  • 2017-07-04 00f1ad5d6 Fixes #7116 Improves server requirements docs viz: OpCaches. (Russell Michell)
  • 2017-06-30 81b0a15 fix(composer) Installer path fix (Marcus Nyeholt)
  • 2017-06-29 79a7b1016 add missing $rootCall param from LeftAndMain (Daniel Hensby)
  • 2017-06-20 e2116a70e Text colour in GridField filter headers for dropdown fields (Robbie Averill)
  • 2017-06-14 2afe018dc Ensure HasManyList foreign ID filter includes table name (fixes #7023) (Loz Calver)
  • 2017-06-12 53c84d93d Fix changetracker checkbox bugs (Brian Cairns)
  • 2017-06-12 a5c84b12a Order of conditionals for getting default admin (Daniel Hensby)
  • 2017-06-06 4ad2cae86 Upload_Validator failed to fetch max size from PHP ini values (fixes #6999) (Loz Calver)
  • 2017-06-05 5f5bfa5e7 Fix create temp folder if it does not exist (Christopher Joe)
  • 2017-06-02 4b9d5dceb Fix tinymce image selection issue in newer versions of Chrome (Christopher Joe)
  • 2017-05-09 3dd303679 Ensure GridState_Component is added to GridField config even if we set config with GridField::setConfig (Klemen Dolinsek)
  • 2017-02-21 f647b1c , check whether sortable exists before trying to use it. (Nathan Glasl)
  • 2016-10-21 8e5bb6fbd Fix : relObject() should return null if one of the node is null (Jason)
  • 2016-08-15 0fbe9c7 fix formatting (Jake Ovenden)
  • 2016-08-04 2fa550e fix typo (Jake Ovenden)
  • 2016-03-20 805c38f10 don't try and switch out of context of the tab system (Stevie Mayhew)
  • 2016-03-15 22b3a71ec fixing val reference to url in https hotlink (Denise Rivera)
  • 2015-04-22 1f63637b9 for #4095, TinyMCE not able to modify props of embed media (bug 1) and invalid HTML inserted (bug 2) (Patrick Nelson)

Other changes

  • 2019-02-18 ea33b00 Remove obsolete CWP repository configuration (Robbie Averill)
  • 2018-12-04 cd47ef5 detail what is synced in Active DR (Moss Cantwell)
  • 2018-08-09 d9094a4 Update realme_authentication.md (JessicaSilverStripe)
  • 2018-08-08 6674e32 Update realme_authentication.md (JessicaSilverStripe)
  • 2018-07-10 08d46b2 Mention php 7 can be enabled (jovenden)
  • 2018-06-02 c1b0c5678 Increase memory limit to 2G in Travis builds (Robbie Averill)
  • 2018-05-20 dc63bfb DOCS Fix broken link in solr search reference (Robbie Averill)
  • 2018-05-20 010817b Switch dash to underscore (Robbie Averill)
  • 2018-04-27 766b2a494 Address issue #8038 (Matthew Walker)
  • 2018-04-17 36198c482 Removed extra lookup of the list (UndefinedOffset)
  • 2018-04-11 51d4d2c11 Update some phpdocs that had typos, missing parts or incorrect formats (Robbie Averill)
  • 2018-04-10 6bce88b6b README fix contributing-link, add httpS (Lukas)
  • 2018-03-27 61463424f Support file grammer improvements (Daniel Hensby)
  • 2018-03-20 78896a73e Update link forum (Lukas)
  • 2018-03-11 6fb8d27ac Updated the DocBlock for ManyManyList's add() method (Benjamin Blake)
  • 2018-02-20 8b81e36 DOCS Replace arbitrary examples referencing 2.0.0 (Raissa North)
  • 2018-02-12 e3cdefaa3 Add support.md file (Daniel Hensby)
  • 2018-02-12 24ea2638f Create licence file so that GitHub (and humans) can more easily find it (Daniel Hensby)
  • 2018-01-23 f214cd52e Ensure currentUserID() returns an int (Steve Boyd)
  • 2018-01-12 396005381 JSON.parse does not like empty strings (Tobias Oetiker)
  • 2018-01-10 12ee49cc Use regex with word boundaries to replace 'active' (Steve Boyd)
  • 2018-01-10 fa8b9c14 Update page history javascript so that it does not continously call element.compareDocumentPosition (Steve Boyd)
  • 2018-01-09 4adef08 Update installation docs now that repos are in Github (jovenden)
  • 2018-01-07 b43538f Freeze Transifex translations for SS3. Please commit directly to lang files. (Robbie Averill)
  • 2017-12-20 7f5e1cd Freeze Transifex translations for SS3. Please commit directly to lang files. (Robbie Averill)
  • 2017-12-14 19716fa Add Travis and Scrutinizer configuration, lock dependencies to a major version (Robbie Averill)
  • 2017-12-07 052f11a42 Remove merge artifact (Damian Mooyman)
  • 2017-12-05 8d1a5ed8b More code style fixes (Daniel Hensby)
  • 2017-11-30 2aa1d8f2c remove create_function usage (Daniel Hensby)
  • 2017-11-24 7b719d7b9 Specify Firefox 31 for Travis Behat builds (Loz Calver)
  • 2017-11-22 a63bb12d9 Travis retry on imagick install (Daniel Hensby)
  • 2017-11-20 31655a4 Update translations (Robbie Averill)
  • 2017-11-20 c155178 Remove obsolete branch-alias (Robbie Averill)
  • 2017-11-20 d39e9b0bb Make DataDifferencer injectable (Ingo Schommer)
  • 2017-11-17 14eeb10d Remove php7 test suite as its pointless (Daniel Hensby)
  • 2017-11-17 4e73f928 Loosen PHPUnit constraints (Daniel Hensby)
  • 2017-11-17 36bb28a41 Loosen PHPUnit constraints (Daniel Hensby)
  • 2017-11-17 39edaedc Loosen PHPUnit constraints (Daniel Hensby)
  • 2017-11-17 b406d872 Loosen PHPUnit constraints (Daniel Hensby)
  • 2017-11-16 4f3deb13e TEST filterAny on many_many relations return correct items (Daniel Hensby)
  • 2017-11-16 3d3096485 TEST Uppercase file extensions return correct mime type (Daniel Hensby)
  • 2017-11-07 987995f Exclude Files from search query when ShowInSearch is false (Glen Peek)
  • 2017-10-31 4146195 Update docs for "Supporting large numbers of file" (Glen Peek)
  • 2017-10-25 16a459fd Add composer autoloading support to 3.x (Daniel Hensby)
  • 2017-10-25 a548f029 Add composer autoloading support to 3.x (Daniel Hensby)
  • 2017-10-25 9e31c324 Add composer autoloading support to 3.x (Daniel Hensby)
  • 2017-10-25 8aad08051 Add composer autoloading support to 3.x (Daniel Hensby)
  • 2017-10-24 29bf040 Terminology change: instance is now stack. (Mateusz Uzdowski)
  • 2017-10-20 c4a50a3d1 Spelling in DataQueryTest (Andrew Aitken-Fincham)
  • 2017-10-16 9ae6fbff SiteTree check if in DB before delete children (Aaron Carlino)
  • 2017-10-13 dbc54351 Only require CMSMain.EditForm if CMS_DIR is defined (jovenden)
  • 2017-09-28 634d5e3 DOC 1.7 release notes (Franco Springveldt)
  • 2017-09-06 eacfe280c TreeDropdownField: replace onadd by onmatch (Matthias Schelling)
  • 2017-08-24 b78c1633 sanitize class names for cms icons (Andrew Aitken-Fincham)
  • 2017-08-16 1ae07ac2a TEST Prove LastEdited is updated when no changes are made (Daniel Hensby)
  • 2017-07-28 6494bc820 Move spyc dependency to composer (Daniel Hensby)
  • 2017-07-26 4e352fd0 Stay on travis precise for now (Daniel Hensby)
  • 2017-07-26 28b79c88 Stay on travis precise for now (Daniel Hensby)
  • 2017-07-25 ba8c149b7 Stay on travis precise dist for now (Daniel Hensby)
  • 2017-07-25 a7d3d82d Stay on travis precise dist for now (Daniel Hensby)
  • 2017-07-19 7b6aad8a6 Revert "TreeDropDown performance boost." (Daniel Hensby)
  • 2017-07-05 6dcc5f6 style(multivaluefield) fix display of mv fields when used on the frontend of sites (Marcus Nyeholt)
  • 2017-07-05 5caef275 Add archive to list of validation-exempt actions (Loz Calver)
  • 2017-06-23 83dae0fb Add PHP 7.1 and SS 3.6 build to Travis configuration (Robbie Averill)
  • 2017-06-23 4490c59a Add Travis configuration with PHP 7.1 build for SS 3.6 (Robbie Averill)
  • 2017-06-21 b2d362beb Html editor selection is now properly stored while the dialog is open. (Mojmir Fendek)
  • 2017-06-16 5b6a39e71 TreeDropDown performance boost. (Mojmir Fendek)
  • 2017-06-15 344c53413 _t function parameter documentation fix (3Dgoo)
  • 2017-06-14 b61c3ac8c keep PNG transparancy on GDBackend::rotatePixelByPixel (Sander Hagenaars)
  • 2017-05-04 618c7f12 changed to static function so that subclasses of Versioned will be picked up (John Milmine)
  • 2017-03-08 445aba2a5 Do not default to locale if hasEmptyDefault is true (Matthew Hailwood)
  • 2016-09-30 a24f960 Mention solr 3 is not supported anymore. (Mateusz Uzdowski)
  • 2016-09-30 87e68e1 Mention solr 3 is deprecated. (Mateusz Uzdowski)
  • 2016-09-29 f73a8a8 Ensure both ART and WPD addresses are whitelisted (John)
  • 2016-08-29 15aa668 Update release dates (Damian Mooyman)
  • 2016-08-05 59bceba add examples to docs (Jake Ovenden)
  • 2016-08-05 a45d2c4 document pdf_base_url (Jake Ovenden)
  • 2016-08-04 269f283 Title change in PDF docs (Jake Ovenden)
  • 2016-08-04 21d000d changes to documentation (Jake Ovenden)
  • 2016-03-15 5612b498b allowes hhtps hotlinking on TinyMCE (Denise Rivera)
  • 2016-03-04 488f42b Remove master build, branch isn't compatible (Ingo Schommer)
  • 2015-07-27 5df1ec7ee Use fputcsv in GridFieldExportButton (JorisDebonnet)

Was this article helpful?