Version 3 end of life
This version of Silverstripe CMS will not recieve any additional bug fixes or documentation updates. Go to documentation for the most recent stable version.



  • If running an application in an environment where user security is critical, it may be necessary to assign the config value Security.remember_username to false. This will disable persistence of user login name between sessions, and disable browser auto-completion on the username field. Note that users of certain browsers who have previously autofilled and saved login credentials will need to clear their password autofill history before this setting is properly respected.
  • Test cases that rely on updating and restoring Injector services may now take advantage of the new Injector::nest() and Injector::unnest() methods to sandbox their alterations.
  • If errors could potentially be raised by any RequestHandler class such as a Form or Controller, you may now add the new ErrorPageControllerExtension to this class to transform plain text error messages into ErrorPage rendered HTML errors. In the past this behaviour was limited to subclasses of ContentController. By default this extension is now added to the Security controller, and if this is not desirable then it should be removed explicitly via the Config system.


API Changes

  • 2014-05-02 f9cb880 Error page support for Security controller errors (Damian Mooyman)
  • 2014-05-01 3162d0e Update ErrorPage to respect new HTTP Error codes (Damian Mooyman)
  • 2014-04-28 0285322 Ability to configure paging for assets / pages (Damian Mooyman)
  • 2014-04-22 d06d5c1 Injector supports nesting BUG Resolve issue with DirectorTest breaking RequestProcessor Injector::nest and Injector::unnest are introduced to better support sandboxing of testings. Injector and Config ::nest and ::unnest support chaining Test cases for both Injector::nest and Config::nest (Damian Mooyman)
  • 2014-04-17 a6017a0 HTTP 429 Allowed for use with rate limiting methods (Damian Mooyman)
  • 2014-04-11 892b440 Make default gridfield paging configurable Documentation improved (Damian Mooyman)
  • 2014-04-09 997077a Security.remember_username to disable login form autocompletion (Damian Mooyman)

Features and Enhancements


  • 2014-05-05 c5d5d10 Behat now uses explicit radio button behaviour (Damian Mooyman)
  • 2014-05-01 bd5abb6 parent::init is not called first (Michael Parkhill)
  • 2014-05-01 4fd3015 corrected link to CMS Alternating Button Page (James Pluck)
  • 2014-04-29 8673b11 Fix ImageTest Image test would erroneously reset the Image::$backend to null if the test was skipped, breaking subsequent test cases (Damian Mooyman)
  • 2014-04-29 89fbae2 Fix encoding of SiteTree.MetaTags (Damian Mooyman)
  • 2014-04-25 ff5f607 Docs for DataList::filter() (Daniel Hensby)
  • 2014-04-24 5e9ae57 Fix edge case IE8 / dev / ssl / download file crash Prevents issue at appearing on dev (Damian Mooyman)
  • 2014-04-17 bec8927 Allow PHPUnit installation with composer / Fix travis (Will Morgan)
  • 2014-04-16 396fd9a Broken file link tracking (fixes #996) (Loz Calver)
  • 2014-04-14 0b4f62d Fix jstree when duplicating subtrees (Damian Mooyman)
  • 2014-04-11 a261f22 Delete Character \x01 (Stevie Mayhew)
  • 2014-04-09 91034d1 HTMLText whitelist considers text nodes Minor improvement to #2853. If a list of whitelisted elements are specified, text nodes no longer evade the whitelist (Damian Mooyman)
  • 2014-04-09 a3c8a59 Fix data query not always joining necessary tables Fixes #2846 (Damian Mooyman)
  • 2014-04-08 a060784 - missing link url for composer (camfindlay)
  • 2014-04-07 3204ab5 Fix orphaned pages reporting they can be viewed (Damian Mooyman)
  • 2014-04-01 84d8022 Fix Date and SS_DateTime::FormatFromSettings This issue is caused by the odd default behaviour of Zend_Date, which attempts to parse yyyy-mm-dd format date and times as though they were yyyy-dd-mm. (Damian Mooyman)
  • 2014-03-12 b4a1aa4 Fixes #965. Allow user date-settings to show on GridField Page admin (Russell Michell)
  • 2014-03-04 ae573f8 Fix Versioned stage not persisting in Session. Fixes #962 BUG Disabled disruptive test case in DirectorTest API RequestProcessor and VersionedRequestFilter now both correctly implement RequestFilter Better PHPDoc on RequestFilter and implementations (Damian Mooyman)
  • 2013-06-20 f2c4a62 ConfirmedPasswordField used to expose existing hash (Hamish Friedlander)