Bryn Whyman,
CWP 2.6

We’re excited to bring you our latest minor release of CWP, version 2.6, which focuses on ensuring you have the information you need to avoid accidental leakage of restricted content stored in the CMS. We’ll go over what ‘restricted content’ might cover for your content and introduce new file indicators for your Content Managers.

With CWP 2.6, you’ll also see security improvements to User Forms, a simple image editing flow, commercial support for PHP 7.4, safer defaults for site search, and some fantastic contributions from the open-source community—be sure to check out the changelog to see who’s contributed!

As usual, this release follows semantic versioning(external link), so it’s ready to be used in any current CWP project right now.

What’s new in CWP 2.6?

An upgrade to the latest version includes Silverstripe CMS version 4.6 and introduces several new features to benefit Content Managers, including:

And for Developers:

We unpack each of these new features below. Or, if you’re keen to get your upgrade underway now, we’ve provided some next steps.

For Content Managers

Collecting and managing personal data safely

With heightened awareness around the need to protect Personally Identifying Information our team set about minimising the risk of similar events happening with websites built using Silverstripe CMS.

Almost all sites on the Common Web Platform include the User Forms functionality that allows Content Managers to collect data from site visitors with forms they can create.

User Form in Silverstripe CMS 4.6

Example of the User Forms feature in the CMS

Creating a form to collect job applications on a careers page, allow submission of documents to verify someone's identity, or collect photos to be shared in an online gallery are all easy to set up with this feature. However, these different use-cases have very different levels of risk and responsibility with regard to data protection and integrity.

While the form data is always protected by the CMS, if files are submitted through the form, the Content Manager needs to consider whether these files should be restricted in the CMS and only be visible to certain users or groups. If the files are not restricted they have the possibility of being publicly viewable regardless of whether the file is placed on a web page or not.

Securing files uploaded through User Forms

Joining the release of CWP 2.6 is a new release to the User Forms module(external link).

Now, when choosing to add a File Upload field to any new form, the Content Manager will be presented with a new prompt, suggesting to create a new folder in the Files area under the restricted-by-default ‘Form-submissions’ folder and be guided through file security considerations.

New guidance for forms collecting uploaded files

New guidance for forms collecting uploaded files

The new module release is version 5.3.

Indicating file permissions

New file icons have been introduced to help identify the original source of a file and whether caution should be taken when using it.

New icons indicating file permissions in the CMS

New icons indicating file permissions in the CMS

Restricted access

The new icon showing restricted access in the CMS

Files stored in a folder with restricted access to certain users or groups will now show a clear indicator of their restricted access.

Files received through User Forms

The new icons for files received through User Forms in the CMS

Files uploaded through a User Form now have icons reflecting two different states: form submission and form submission with warning.

Form submission

This indicates a file is associated with a form submission. This file could contain information that should not be publically available and care should be taken so that it is not published on the website.

Form submission with warning

This indicates that a file associated with a form submission does not have the recommended permissions applied to it, making the file publicly available.

You will find these icons in different areas of the CMS where common interactions with files occur.

Want to learn more about these icons? We’ve covered all you need to know in the Silverstripe CMS User help.

Direct access to editing inserted files

The flow for editing the details of a file already added to a content block or page has been simplified, enabling direct access to update file information like the title, filename, location, plus any custom field, without the need to navigate to the Files area.

This is made available through a new ‘Details’ button as shown below.

The new 'Details' button in the CMS

The new 'Details' button in the CMS

More sensible site search defaults (with Solr)

In focusing on how to avoid unintended leaks of restricted information in the CMS, it’s also important to look at other areas where a site could be exposed. Site search fits this scenario.

Projects using CWP’s default site search functionality with Apache’s Solr and the Silverstripe CMS commercially supported module, FullTextSearch(external link), will be interested in a new release of the module made available at the time of the CWP 2.6 release to introduce more secure defaults. Notably, ensuring draft and restricted content will no longer be indexed by default.

Be sure to talk to your Digital Agency or Development team to see if your project uses this functionality and how this may affect your search results. The CWP 2.6.0 changelog provides detailed information for Developers.

For Developers

Commercial support for PHP 7.4

The long-awaited support for PHP 7.4 is now available! All commercially supported modules have had their automated test suite updated to test for PHP 7.4 and will continue to be monitored.

Keen to get your upgrade underway?

Talk to your Digital Agency or Developer about upgrading

Haven’t got a Developer or Agency? You can request support with your upgrade through the CWP Service Desk.

Developers, check out our documentation

This release announcement does not cover the full detail of what is included in the release. Be sure to review the full changelog before planning your next site upgrade.

Head to the CWP Developer Docs to view the CWP 2.6 changelog.

Content Managers, see the Silverstripe CMS User help

To understand the new file icons in more detail, be sure to check out the Silverstripe CMS User help guides:

Back to the news

Last modified: