Version 3 end of life
This version of Silverstripe CMS will not recieve any additional bug fixes or documentation updates. Go to documentation for the most recent stable version.

3.2.6

Change Log

Security

  • 2016-11-11 4440b88 Form@httpSubmission will no longer load submitted data to disabled or readonly fields (Daniel Hensby) - See ss-2016-010
  • 2016-11-11 61e4055 Cast FormField values as Text to prevent readonly fields embeding rogue HTML (Daniel Hensby) - See ss-2016-010
  • 2016-10-27 17097a4 Properly escape backURL for template injection (Daniel Hensby) - See ss-2016-016
  • 2016-08-02 62a2421 value / title escaping in CheckboxSetField and OptionsetField (Damian Mooyman) - See ss-2016-015
  • 2016-07-25 1c7d5de Autologin cookies are ignored if autologin is disabled (Daniel Hensby) - See ss-2016-014
  • 2016-07-22 6817c57 Uncasted member name (Daniel Hensby) - See ss-2016-013
  • 2016-07-15 298f615 Reset Member::Salt on password change (Daniel Hensby) - See ss-2016-008
  • 2016-07-14 6606d98 ChangePasswordForm does not check $member->canLogin before login (Daniel Hensby) - See ss-2016-011
  • 2016-07-14 ca526b0 Missing ACL check on ReportAdmin (Daniel Hensby) - See ss-2016-012
  • 2016-07-14 5f73d34 Missing ACL check on ReportAdmin (Daniel Hensby) - See ss-2016-012
  • 2016-07-14 04b4453 Missing ACL check on ReportAdmin (Daniel Hensby) - See ss-2016-012

Bugfixes

  • 2016-11-03 edfe514 Ensure that builds use the 3.4 dependencies. (Sam Minnee)
  • 2016-09-12 a14df0b Force line endings to LF on sake file (Daniel Hensby)
  • 2016-09-06 e7ecf6c Bad strpos call in HTTP::register_etag() (Daniel Hensby)
  • 2016-08-22 59be597 #1052 (Daniel Hensby)
  • 2016-08-22 4998b80 ArrayList sorting now caseinsensitive (Daniel Hensby)
  • 2016-08-15 95c640a Fix regression in FormField casting (Damian Mooyman)
  • 2016-07-28 56f0b72 ETag header now properly quoted (Daniel Hensby)