Version 3 end of life
This version of Silverstripe CMS will not recieve any additional bug fixes or documentation updates. Go to documentation for the most recent stable version.


Change Log


  • 2016-02-17 faa94d5 Hostname, IP and Protocol Spoofing through HTTP Headers (Ingo Schommer) - See ss-2016-003
  • 2016-02-17 15d4db3 Block unauthenticated access to dev/build/defaults (Damian Mooyman) - See ss-2015-028
  • 2016-02-17 e2c77c5 Ensure Gridfield actions respect CSRF (Damian Mooyman) - See ss-2016-002
  • 2015-11-11 245e0aa Fix FormField error messages not being encoded safely (Damian Mooyman) - See ss-2015-026
  • 2015-11-09 53b3bc7 Dont expose class on error (Hamish Friedlander) - See ss-2015-025
  • 2015-11-01 ac4342d XML escape RSSFeed $link parameter (Ingo Schommer) - See ss-2015-022
  • 2015-10-28 97f21fd Fix rewrite hash links XSS (Damian Mooyman) - See ss-2015-021


  • 2016-02-15 8771859 "where" method in SQLUpdate Example (Richard Rudy)
  • 2016-01-28 3fcf1e2 edge case on many many extra fields (fixes 4991) (Mark Stephens)
  • 2016-01-27 3d0178e Use correct formaction for doRollback exemption (Damian Mooyman)
  • 2016-01-24 d8e354d PHPDocs on DataList::getIDList() and UnsavedRelationList::getIDList() (Damian Mooyman)
  • 2016-01-22 bf8bf5e Prevent Versioned::doRollbackTo from creating incorrect versions on subclasses of Versioned DataObjects (Damian Mooyman)
  • 2016-01-21 cca7129 Revert lost documentation (Damian Mooyman)
  • 2016-01-11 85ba918 Update field IDs for file link (fixes silverstripe/silverstripe-cms#1307) (Loz Calver)
  • 2016-01-11 d637141 preg_quote() anchors in SiteTreeLinkTracking (fixes #1359) (Loz Calver)
  • 2016-01-05 00544ff session_regenerate_id uses config system (Daniel Hensby)
  • 2016-01-05 4335d8e Members with no ID inherit logged in user permission (Daniel Hensby)
  • 2015-12-15 afbb5cf Vimeo oEmbed endpoint redirecting to no www (UndefinedOffset)
  • 2015-12-14 d265c9b Allow omitting a value for OptionsetField submissions (fixes #4824) (Loz Calver)
  • 2015-12-11 5a21b2f Guard against users being added to all groups on unsaved Group. (Mateusz Uzdowski)
  • 2015-11-27 94742fa Revert method visibility regression (Damian Mooyman)
  • 2015-11-18 e9b833f ConfirmedPassword field correctly reports mismatching passwords (Christopher Darling)
  • 2015-11-17 68d99be Hidden errors for composite fields nested inside FieldGroups (fixes #4773) (Loz Calver)
  • 2015-11-17 97e90b8 RedirectorPage toggles not working (fixes #1328) (Loz Calver)
  • 2015-11-17 b624eb9 Setting target for unwritten VirtualPage breaks write (Loz Calver)
  • 2015-11-16 2983d82 Ensure VirtualPage forwards request/response data to virtual controllers (fixes #1329) (Loz Calver)
  • 2015-11-12 fea1158 Fix print button only displaying first page (Damian Mooyman)
  • 2015-11-11 a40812a Don’t reuse DBConnector (fixes #4735) (Sam Minnee)
  • 2015-11-05 f577ecb prevent use cache on browser back button (Igor Nadj)