We are happy to announce the 2.1.0 quarterly release of the CWP recipe.

This upgrade includes CMS and Framework version 4.2.0

Upgrade to Recipe 2.1.0 is optional, but is recommended for all CWP sites currently on CWP 2.0.0 or above.

It contains new features which help you make decisions on an upgrade path (via the Installed Modules Report), as well as important changes to make caching of your sites safer and easier. As part of the caching changes, we’ve deprecated the (optional) controllerpolicy module, and recommend new core APIs for sending HTTP cache headers instead. If you are not caching your site, this is a great time to start: Fast sites make happy users, and are more resilient to traffic spikes. Read our CWP Performance Guide for details.

If your site is currently on CWP 1.x and you wish to upgrade, you can see what’s involved in our Upgrading to CWP 2.0 resource. More information on upgrading major versions of CWP can be found in the online documentation.

New Features

Installed Modules Report

Developed for the Common Web Platform as a co-fund submission, the Installed Modules Report otherwise named in the submission as the ‘Site Summariser’ has been built to provide agencies with access to module information, allowing them to make faster and more informed decisions about upgrading their site and modules.

Bringing site and module information to the CMS, the Installed Modules Report aims to:

  • Provide those responsible for agency sites to access a snapshot on the current build of their site and what upgrades are available.
  • Provide a list of what modules are utilised by the site and where further information can be found relating to user help documentation and module features.
  • Highlight known module security issues.
  • Provide a ‘health’ rating of each module based on the security and build quality.

The Installed Modules report can be added to your site through the combination of the below repositories. Consult with your development team to have this added to your site.

Information on accessing the report is covered in this user guide.

Page History Viewer

The CWP 2.0 release introduced content blocks through the silverstripe-elemental module. This release builds on that functionality by introducing a feature developed as a co-fund submission that focuses on improving the page history viewer.

With a need for CMS users to confidently and accurately understand what has changed on a page that utilises content blocks, improvements have been made to allow users to review the edit history of both the content blocks as individual components as well as a group of content blocks sitting on a particular page.

This improvement allows content blocks to be auditable and supports compliance with Official Information Act requests and Information and Records Management standards.

Caching Improvements

HTTP caching is an important part of making websites fast and reliable. This CWP release aims to avoid mistakes in the process by providing more high level HTTP Caching APIs. The default system behaviour will also pick up more situations where caching needs to be disabled automatically, for example when previewing draft content. CWP projects can choose to make this behaviour more secure by opting out of session-based draft stages and solely relying on the ?stage=Stage parameter.

Security Changes

  • Resolved a potential SQL injection exploit in the silverstripe-subsites module. While it was not likely to be exploitable, the issue has been mitigated. See SS-2018-016.

For details on these and previous security fixes, please refer to our security release announcement page.

Upgrading Instructions

This upgrade can be carried out by any development team familiar with SilverStripe CMS, but if would like SilverStripe's assistance, you can request support via the Service Desk.

In order to update an existing site to use the new recipe the following changes to your composer.json can be made:

"require": {
    "php": ">=5.6.0",
    "silverstripe/recipe-plugin": "^1",
    "cwp/cwp-recipe-core": "2.1.0@stable",
    "cwp/cwp-recipe-cms": "2.1.0@stable",
    "silverstripe/recipe-blog": "1.1.0@stable",
    "silverstripe/recipe-form-building": "1.1.0@stable",
    "silverstripe/recipe-authoring-tools": "1.1.0@stable",
    "silverstripe/recipe-collaboration": "1.1.0@stable",
    "silverstripe/recipe-reporting-tools": "1.1.0@stable",
    "cwp/cwp-recipe-search": "2.1.0@stable",
    "silverstripe/recipe-services": "1.1.0@stable",
    "silverstripe/subsites": "2.1.0@stable",
    "tractorcow/silverstripe-fluent": "4.1.3@stable",
    "silverstripe/registry": "2.1.0@stable",
    "cwp/starter-theme": "2.0.1@stable"

Inclusion of the new Installed Module Report, mentioned above, requires both the above upgrade step as well as the separate recipe requirement silverstripe/recipe-reporting-tools 1.1.0. This recipe is included by default with CWP 2.1.0 installations, however if you are upgrading you will need to update your constraint to 2.1.0.

A stable version of silverstripe/textextraction (3.0.0) is now available for use in CWP 2.1.

Other Notable changes

  • The default project name has been changed from mysite to app
  • Disable session-based stage setting in Versioned
  • Versioned cache segmentation by stage

Accepted Failing Tests

All noted failures have been fixed and will be resolved in the next CWP 2.1 or 2.x recipe release.


  • SilverStripe\AssetAdmin\Tests\Controller\AssetAdminTest::testSaveOrPublish (issue)
  • SilverStripe\CMS\Tests\Model\SiteTreeTest::testCanEditWithAccessToAllSections (issue)
  • SilverStripe\CMS\Tests\Model\SiteTreeTest::testCanPublish (issue)
  • SilverStripe\AssetAdmin\Tests\Forms\FileFormBuilderTest::testCreateFileForm: affected by global state
  • SilverStripe\AssetAdmin\Tests\GraphQL\FolderTypeCreatorTest::testItDoesNotFilterByParentIdWithRecursiveFlag: affected by global state
  • SilverStripe\AssetAdmin\Tests\Forms\RemoteFileFormFactoryTest::testRejectedURLS: affected by global state


  • DNADesign\Elemental\Tests\ElementalAreaTest::testCanBePublished: Affected by global state


  • SilverStripe\VersionFeed\Tests\VersionFeedTest::testRateLimiting

Change Log


  • 2018-07-15 4b6804e Group table name is escaped to prevent possibility of SQL injection (Robbie Averill) - See ss-2018-016

API Changes

  • 2018-06-27 21f8463 Removed CwpCanonicalURLMiddleware in favour of core CanonicalURLMiddleware (Robbie Averill)
  • 2018-03-21 100be38 Remove use of getEscapedTitle() and deprecated for future removal. Use $Title directly instead. (Robbie Averill)

Features and Enhancements

  • 2018-06-19 21f4d80 Hide subsite selector dropdown if no subsites have been created yet (Robbie Averill)
  • 2018-06-17 42d24df Lazy-load spellcheck config instead of every request (Damian Mooyman)
  • 2018-06-12 92d1445 Adding silverstripe-maintenance report (Guy)
  • 2018-05-29 987798f Adding extension for relabelling filter options on report (Guy)
  • 2018-05-02 b205ca9 default value for Country Dropdown (add i18n to the new fields) (Chen Shenghan)
  • 2018-05-01 8870833 empty default value for Country Dropdown (Chen Shenghan)
  • 2018-04-29 4d89705 default value for Country Dropdown (Chen Shenghan)
  • 2018-04-26 e2035ad Shift extension default to yml file to promote better extensibility (Damian Mooyman)
  • 2018-04-22 350a9c4 Allow frontend publish filter to be disabled via yml (Damian Mooyman)
  • 2018-04-05 9d26cff Add translation support for blog post authors profile summary heading (Robbie Averill)


  • 2018-07-25 65464f0 LoginAttemptNotifications extension is now disabled again, as it is in CWP 1.x (Robbie Averill)
  • 2018-07-04 5370bc8 apply SubsiteID getVar to CMS Preview fetches (Dylan Wagstaff)
  • 2018-07-02 c0a01db created way of knowing whether user has permission to post (micmania1)
  • 2018-06-29 edec1d7 Admin users can always edit records that have active workflow transitions (Robbie Averill)
  • 2018-06-29 ea42a8d Maintenance module configuration for CWP is now in place (Robbie Averill)
  • 2018-06-28 d96f52c Email notification workflow now ignores recipients with invalid email addresses (Robbie Averill)
  • 2018-06-28 0056ef3 Make template optional for workflow definition (Raissa North)
  • 2018-06-28 1f4ad99 Update Reminder Email DB Field mismatch to ensure value saves (Raissa North)
  • 2018-06-27 fb446b6 Reduce log level so errors do not automatically output (Guy)
  • 2018-06-27 97891b5 ing linting issue that couldn't be automatically resolved (Guy)
  • 2018-06-27 5c12baa Use \Exception for catching Solr exceptions (Guy)
  • 2018-06-27 4e25f5f Remove COMPOSER_HOME definition, update-checker module now does this itself (Robbie Averill)
  • 2018-06-26 837920a Maintenance module extension now provides CWP proxy information for HTTP requests (Robbie Averill)
  • 2018-06-20 a2af250 Allow integration/unit tests to use more memory, update assertions and docblock tweaks (Robbie Averill)
  • 2018-06-20 6c56694 Update modal API for Reactstrap in SilverStripe 4.2, bump constraint (Robbie Averill)
  • 2018-06-20 c7235e1 Comments GridField tests now use their own test stubs (Robbie Averill)
  • 2018-06-20 886c5be Bug with requiring login when posting a comment, pass correct controller in (Robbie Averill)
  • 2018-06-19 d392ca7 Make sure setAllowMultibyte is on when looking up by URLSegment (Daniel Hensby)
  • 2018-06-19 dc9d6de Do no provide input for canEdit or canPublish if no subsites exist (Robbie Averill)
  • 2018-06-19 3156218 Double escaping subsites title in CMS menu (Robbie Averill)
  • 2018-06-18 6f37490 Use correct TinyMCE skin in CWP CMS instances, remove closure scope (unneeded) (Robbie Averill)
  • 2018-06-18 279b67d Only force change for written records when not in current locale, or not versioned (Robbie Averill)
  • 2018-06-18 9abfaf7 Add proxy configuration for embedded cURL requests (Robbie Averill)
  • 2018-06-18 d989074 ed a case where original user was missing when unsetting a user. (Mojmir Fendek)
  • 2018-06-17 a6aa171 Replace recipe-cms requirement with CMS module (Robbie Averill)
  • 2018-06-15 32ec3bd Add getDate method to return created date for comments, tidy up translations (Robbie Averill)
  • 2018-06-15 788cb6e Mock akismet spam protector if installed, fixes broken integration tests (Robbie Averill)
  • 2018-06-15 fc36eac Remove method clearing dummy data from test fixture methods, DB rollbacks do this already (Robbie Averill)
  • 2018-06-15 2fdf87b Remove resetDBSchema use, not required and breaking 4.2 tests (Robbie Averill)
  • 2018-06-14 b653758 Fix psr-4 namespace errors due to incorrect case (Damian Mooyman)
  • 2018-06-12 eca3ac0 Allow tests to handle extra field labels being added in global state (Robbie Averill)
  • 2018-06-12 40c283a Update SelectionGroup template to correctly render selected classes (Robbie Averill)
  • 2018-06-07 10c209c Don't fail on empty locale (Damian Mooyman)
  • 2018-06-06 e02691a Fix invalid locale being set for domain mode (Damian Mooyman)
  • 2018-06-06 2463ca2 broken links in docs (#95) (Raissa North)
  • 2018-06-05 9e923d6 Fixes #65 Use Injector to instantiate created objects. (#68) (Russ Michell)
  • 2018-06-01 5b47edc broken links (#94) (Raissa North)
  • 2018-06-01 cc6005d Disable themes in UDF functional test. Fixes failure with cwp/starter-theme (Robbie Averill)
  • 2018-06-01 ce1db58 broken link (#92) (Raissa North)
  • 2018-06-01 1012ccb broken link (Raissa North)
  • 2018-06-01 af89140 broken link in developer docs (#91) (Raissa North)
  • 2018-06-01 af06f80 Re-enable Behat using chromedriver and silverstripe/recipe-testing (Robbie Averill)
  • 2018-06-01 8222f61 Use correct table name for Group model when performing DB upgrades from older versions (Robbie Averill)
  • 2018-06-01 bc2348a Reverting Jumbotron restyle (Guy)
  • 2018-06-01 60a98be broken links in developer docs (Raissa North)
  • 2018-06-01 b6ba567 Do not make subsite based file permission decisions when no subsite is set (Robbie Averill)
  • 2018-05-31 8e4fbd0 Fixes #63 Conditionally permit additional GET request in POST context. (#64) (Russ Michell)
  • 2018-05-30 c22daa2 Removing ID from match in tests (Guy)
  • 2018-05-29 a6f9595 Correct assertion order and remove default pages from Subsite creation (Robbie Averill)
  • 2018-05-29 8fc5a6b Implement subsites namespace into QueuedJobService (Robbie Averill)
  • 2018-05-28 34eb6ed Remove "Login Attempts" tab from Member CMS fields (Robbie Averill)
  • 2018-05-28 2a97b05 Mock current date and time in scheduled execution test (Robbie Averill)
  • 2018-05-27 191178c Use correct namespaces for Versioned and ErrorPage (Robbie Averill)
  • 2018-05-20 33044ac #759: Enable navigating to former pages via page number button in multi-page userforms. (Shenghan Chen)
  • 2018-05-18 4913290 Add extension to remap polymorphic relationship classes for Parent and Form fields (Robbie Averill)
  • 2018-05-09 07ca22e (SubmittedFormField): Fix bug where FormattedValue isn't cast to HTMLFragment, which causes <br/> to appear in Email templates. (Jake Bentvelzen)
  • 2018-05-08 cacf25f infinite redirect after PUT (#62) (andreaspiening)
  • 2018-05-06 b3cff89 Fixes #173 Check for excistence of root object. (Russell Michell)
  • 2018-04-24 2e18723 Swap deprecated Member::currentUser and check that $jobType is a job (Robbie Averill)
  • 2018-04-20 dc26478 Use correct API for determining if record is modified on draft stage (Robbie Averill)
  • 2018-04-20 9e6fa08 revert removal of 'last logged in' column (Dylan Wagstaff)
  • 2018-04-16 4ec6eb4 fix JSONDataFormatter to not convert values to XML (Andreas Piening)
  • 2018-04-15 4d333b2 Move directory controller template into correct location (Robbie Averill)
  • 2018-04-13 478e5dc invalid htaccess (Damian Mooyman)
  • 2018-03-28 569b0a7 use the same translation variable key as core (#755) (Dylan Wagstaff)
  • 2018-03-23 5cce5f5 Allow editable form fields to have nullable titles rather than fallback to Name (Robbie Averill)
  • 2018-03-23 7cbffd8 Use a userforms template for the member list field, fixes broken display rules (Robbie Averill)
  • 2018-03-22 453a35e Ensure duplicated multiple option field is written (has an ID) before duplicating options (Robbie Averill)
  • 2018-03-22 86b098c Disable versioned GridField extensions - it conflicts with UserFormRecipientItemRequest (Robbie Averill)
  • 2018-03-22 92a2229 Correctly return the max file size in MB (Robbie Averill)
  • 2018-03-20 8868535 Ensure null->ID is not evaluated (Gordon Anderson)
  • 2017-05-15 f6f6731 markStarted not calculating timeout correctly (matt-in-a-hat)
  • 2017-02-03 3679cb7 Ensure QueuedJob health check doesn't kill long running review jobs (Jake Bentvelzen)

Was this article helpful?