Version 3 end of life
This version of Silverstripe CMS will not recieve any additional bug fixes or documentation updates. Go to documentation for the most recent stable version.

3.4.2

Change Log

Security

  • 2016-11-11 4440b88 Form@httpSubmission will no longer load submitted data to disabled or readonly fields (Daniel Hensby) - See ss-2016-010
  • 2016-11-11 61e4055 Cast FormField values as Text to prevent readonly fields embeding rogue HTML (Daniel Hensby) - See ss-2016-010
  • 2016-10-27 17097a4 Properly escape backURL for template injection (Daniel Hensby) - See ss-2016-016
  • 2016-08-02 62a2421 value / title escaping in CheckboxSetField and OptionsetField (Damian Mooyman) - See ss-2016-015
  • 2016-08-02 12a6b35 value / title escaping in CheckboxSetField and OptionsetField (Damian Mooyman) - See ss-2016-015
  • 2016-08-02 049cdef value / title escaping in CheckboxSetField and OptionsetField (Damian Mooyman) - See ss-2016-015
  • 2016-07-25 fa7f5af Autologin cookies are ignored if autologin is disabled (Daniel Hensby) - See ss-2016-014
  • 2016-07-25 1c7d5de Autologin cookies are ignored if autologin is disabled (Daniel Hensby) - See ss-2016-014
  • 2016-07-25 b1f4497 Autologin cookies are ignored if autologin is disabled (Daniel Hensby) - See ss-2016-014
  • 2016-07-22 6817c57 Uncasted member name (Daniel Hensby) - See ss-2016-013
  • 2016-07-22 281b0de Uncasted member name (Daniel Hensby) - See ss-2016-013
  • 2016-07-22 83e3302 Uncasted member name (Daniel Hensby) - See ss-2016-013
  • 2016-07-15 f85dea2 Reset Member::Salt on password change (Daniel Hensby) - See ss-2016-008
  • 2016-07-15 dc47f7e Reset Member::Salt on password change (Daniel Hensby) - See ss-2016-008
  • 2016-07-15 298f615 Reset Member::Salt on password change (Daniel Hensby) - See ss-2016-008
  • 2016-07-14 6d41db7 ChangePasswordForm does not check $member->canLogin before login (Daniel Hensby) - See ss-2016-011
  • 2016-07-14 6606d98 ChangePasswordForm does not check $member->canLogin before login (Daniel Hensby) - See ss-2016-011
  • 2016-07-14 2b30ade ChangePasswordForm does not check $member->canLogin before login (Daniel Hensby) - See ss-2016-011
  • 2016-07-14 cff2ea9 Missing ACL check on ReportAdmin (Daniel Hensby) - See ss-2016-012
  • 2016-07-14 ca526b0 Missing ACL check on ReportAdmin (Daniel Hensby) - See ss-2016-012
  • 2016-07-14 efa20d2 Missing ACL check on ReportAdmin (Daniel Hensby) - See ss-2016-012
  • 2016-07-14 04b4453 Missing ACL check on ReportAdmin (Daniel Hensby) - See ss-2016-012
  • 2016-07-14 5f73d34 Missing ACL check on ReportAdmin (Daniel Hensby) - See ss-2016-012
  • 2016-05-03 3fa84cf Encode user supplied URL for embeding into page (Daniel Hensby) - See ss-2016-007

API Changes

  • 2016-09-05 c6457c5 Allow has_many fixtures to be declared with array format as well as many_many (#5944) (Damian Mooyman)

Bugfixes

  • 2016-11-09 ebae480 Fix regression in aggregate column lookup from #6199 (Damian Mooyman)
  • 2016-11-09 6bf36fb Correct return type for Member::currentUser() (Loz Calver)
  • 2016-11-03 edfe514 Ensure that builds use the 3.4 dependencies. (Sam Minnee)
  • 2016-11-03 135a647 Ensure that builds use the 3.4 dependencies. (Sam Minnee)
  • 2016-10-30 747bd4c filterAny error message now refers to correct method name (Daniel Hensby)
  • 2016-10-22 bec5adf Versioned sort by ID (Jonathon Menz)
  • 2016-10-19 b0445f7 Ambiguous column SQL error (Jonathon Menz)
  • 2016-10-16 fe81607 Make simplexml_load_file work on shared php-fpm (Nicola Fontana)
  • 2016-10-11 7368dec Fix issue with SS_List as datasource for dropdown field (Damian Mooyman)
  • 2016-10-07 ae83b7b History controller now shows right comparison versions (Daniel Hensby)
  • 2016-10-04 797be6a Revert natural sort (Jonathon Menz)
  • 2016-10-04 6dde5ce Absolute alternate_base_url no longer breaks session cookies (Daniel Hensby)
  • 2016-10-03 98d95cd Sort order for duplicated child pages is now retained (Daniel Hensby)
  • 2016-09-29 ae4108b Content-Disposition header breaks in Firefox (#4087) (Anton Smith)
  • 2016-09-19 32d1856 Debug::caller() will now handle errors from outside function calls (#6029) (Daniel Hensby)
  • 2016-09-19 d2d770c Frontend UploadField wouldn't call ssdialog (Cristian Torres)
  • 2016-09-14 cd8904e ing button destroy bug (3Dgoo)
  • 2016-09-12 a14df0b Force line endings to LF on sake file (Daniel Hensby)
  • 2016-09-06 e7ecf6c Bad strpos call in HTTP::register_etag() (Daniel Hensby)
  • 2016-09-01 f2ed59e Empty dmyfields on DateField now validate as true (Daniel Hensby)
  • 2016-08-22 59be597 #1052 (Daniel Hensby)
  • 2016-08-22 4998b80 ArrayList sorting now caseinsensitive (Daniel Hensby)
  • 2016-08-15 95c640a Fix regression in FormField casting (Damian Mooyman)
  • 2016-08-15 5ad8157 Fix regression in FormField casting (Damian Mooyman)
  • 2016-08-15 a6a9cd7 Fix regression in FormField casting (Damian Mooyman)
  • 2016-08-11 d4114b3 include related fields on canFilter() check (Jonathon Menz)
  • 2016-08-09 63fc4db Fix extra border in page settings (Damian Mooyman)
  • 2016-07-28 56f0b72 ETag header now properly quoted (Daniel Hensby)