This document contains information for an outdated version (3.1) and may not be maintained any more. If some of your projects still use this version, consider upgrading as soon as possible.



  • Security: Require ADMIN for ?flush=1&isDev=1 (SS-2014-001)
  • Security: XSS in third party library (SWFUpload) (SS-2014-002)
  • Security: SiteTree.ExtraMeta allows JavaScript for malicious CMS authors (SS-2014-003)
  • Better loading performance when using multiple UploadField instances
  • Option for force_js_to_bottom on Requirements class (ignoring inline <script> tags)
  • Added ListDecorator->filterByCallback() for more sophisticated filtering
  • New DataList filters: LessThanOrEqualFilter and GreaterThanOrEqualFilter
  • "Cancel" button on "Add Page" form
  • Better code hinting on magic properties (for IDE autocompletion)
  • Increased Behat test coverage (editing HTML content, managing page permissions)
  • Support for PHPUnit 3.8


SiteTree.ExtraMeta allows JavaScript for malicious CMS authors

If you have previously used the SiteTree.ExtraMeta field for <head> markup other than its intended use case (<meta> and <link>), please consult SS-2014-003.