If running an application in an environment where user security is critical, it may be necessary to
assign the config value Security.remember_username to false. This will disable persistence of
user login name between sessions, and disable browser auto-completion on the username field.
Note that users of certain browsers who have previously autofilled and saved login credentials
will need to clear their password autofill history before this setting is properly respected.
Test cases that rely on updating and restoring Injector services may now take advantage
of the new Injector::nest() and Injector::unnest() methods to sandbox their alterations.
If errors could potentially be raised by any RequestHandler class such as a Form or
Controller, you may now add the new ErrorPageControllerExtension to this class to
transform plain text error messages into ErrorPage rendered HTML errors. In the past this
behaviour was limited to subclasses of ContentController. By default this extension is now
added to the Security controller, and if this is not desirable then it should be removed
explicitly via the Config system.
2014-05-02 f9cb880 Error page support for Security controller errors (Damian Mooyman)
2014-05-01 3162d0e Update ErrorPage to respect new HTTP Error codes (Damian Mooyman)
2014-04-28 0285322 Ability to configure paging for assets / pages (Damian Mooyman)
2014-04-22 d06d5c1 Injector supports nesting BUG Resolve issue with DirectorTest breaking RequestProcessor Injector::nest and Injector::unnest are introduced to better support sandboxing of testings. Injector and Config ::nest and ::unnest support chaining Test cases for both Injector::nest and Config::nest (Damian Mooyman)
2014-04-17 a6017a0 HTTP 429 Allowed for use with rate limiting methods (Damian Mooyman)
2014-04-09 997077a Security.remember_username to disable login form autocompletion (Damian Mooyman)
Features and Enhancements
2014-03-28 a502c9d Fixes #966. Ability to filter pages on page status. - New filters for statuses normally found through SiteTree::getStatusFlags(). - Refactored menu sorting. Now alphabetical, as it wasn't previously. (Russell Michell)
2014-04-16 396fd9a Broken file link tracking (fixes #996) (Loz Calver)
2014-04-14 0b4f62d Fix jstree when duplicating subtrees (Damian Mooyman)
2014-04-11 a261f22 Delete Character \x01 (Stevie Mayhew)
2014-04-09 91034d1 HTMLText whitelist considers text nodes Minor improvement to #2853. If a list of whitelisted elements are specified, text nodes no longer evade the whitelist (Damian Mooyman)
2014-04-09 a3c8a59 Fix data query not always joining necessary tables Fixes #2846 (Damian Mooyman)
2014-04-08 a060784 - missing link url for composer (camfindlay)
2014-04-07 3204ab5 Fix orphaned pages reporting they can be viewed (Damian Mooyman)
2014-04-01 84d8022 Fix Date and SS_DateTime::FormatFromSettings This issue is caused by the odd default behaviour of Zend_Date, which attempts to parse yyyy-mm-dd format date and times as though they were yyyy-dd-mm. (Damian Mooyman)
2014-03-12 b4a1aa4 Fixes #965. Allow user date-settings to show on GridField Page admin (Russell Michell)
2014-03-04 ae573f8 Fix Versioned stage not persisting in Session. Fixes #962 BUG Disabled disruptive test case in DirectorTest API RequestProcessor and VersionedRequestFilter now both correctly implement RequestFilter Better PHPDoc on RequestFilter and implementations (Damian Mooyman)
2013-06-20 f2c4a62 ConfirmedPasswordField used to expose existing hash (Hamish Friedlander)