Version 3 end of life
This version of Silverstripe CMS will not recieve any additional bug fixes or documentation updates. Go to documentation for the most recent stable version.

3.5.0

Change Log

Security

  • 2016-11-11 4440b88 Form@httpSubmission will no longer load submitted data to disabled or readonly fields (Daniel Hensby) - See ss-2016-010
  • 2016-11-11 61e4055 Cast FormField values as Text to prevent readonly fields embeding rogue HTML (Daniel Hensby) - See ss-2016-010
  • 2016-10-27 17097a4 Properly escape backURL for template injection (Daniel Hensby) - See ss-2016-016
  • 2016-08-02 62a2421 value / title escaping in CheckboxSetField and OptionsetField (Damian Mooyman) - See ss-2016-015
  • 2016-08-02 12a6b35 value / title escaping in CheckboxSetField and OptionsetField (Damian Mooyman) - See ss-2016-015
  • 2016-08-02 049cdef value / title escaping in CheckboxSetField and OptionsetField (Damian Mooyman) - See ss-2016-015
  • 2016-07-25 b1f4497 Autologin cookies are ignored if autologin is disabled (Daniel Hensby) - See ss-2016-014
  • 2016-07-25 fa7f5af Autologin cookies are ignored if autologin is disabled (Daniel Hensby) - See ss-2016-014
  • 2016-07-25 1c7d5de Autologin cookies are ignored if autologin is disabled (Daniel Hensby) - See ss-2016-014
  • 2016-07-22 281b0de Uncasted member name (Daniel Hensby) - See ss-2016-013
  • 2016-07-22 83e3302 Uncasted member name (Daniel Hensby) - See ss-2016-013
  • 2016-07-22 6817c57 Uncasted member name (Daniel Hensby) - See ss-2016-013
  • 2016-07-15 298f615 Reset Member::Salt on password change (Daniel Hensby) - See ss-2016-008
  • 2016-07-15 f85dea2 Reset Member::Salt on password change (Daniel Hensby) - See ss-2016-008
  • 2016-07-15 dc47f7e Reset Member::Salt on password change (Daniel Hensby) - See ss-2016-008
  • 2016-07-14 6606d98 ChangePasswordForm does not check $member->canLogin before login (Daniel Hensby) - See ss-2016-011
  • 2016-07-14 6d41db7 ChangePasswordForm does not check $member->canLogin before login (Daniel Hensby) - See ss-2016-011
  • 2016-07-14 2b30ade ChangePasswordForm does not check $member->canLogin before login (Daniel Hensby) - See ss-2016-011
  • 2016-07-14 efa20d2 Missing ACL check on ReportAdmin (Daniel Hensby) - See ss-2016-012
  • 2016-07-14 cff2ea9 Missing ACL check on ReportAdmin (Daniel Hensby) - See ss-2016-012
  • 2016-07-14 ca526b0 Missing ACL check on ReportAdmin (Daniel Hensby) - See ss-2016-012
  • 2016-07-14 5f73d34 Missing ACL check on ReportAdmin (Daniel Hensby) - See ss-2016-012
  • 2016-05-03 3fa84cf Encode user supplied URL for embeding into page (Daniel Hensby) - See ss-2016-007

API Changes

  • 2016-11-15 f43a91a Add FormField::canSubmitValue() (Damian Mooyman)
  • 2016-11-07 ffd9938 ShortcodeParser getter and extension points (Jonathon Menz)
  • 2016-09-15 b87c668 support dblib (#5996) (Damian Mooyman)
  • 2016-09-05 c6457c5 Allow has_many fixtures to be declared with array format as well as many_many (#5944) (Damian Mooyman)
  • 2016-07-15 d08ab6a Allow X-Frame-Options to be configured (Damian Mooyman)
  • 2016-06-20 e810a99 Add optimistic_connect to SS_Database (Damian Mooyman)

Features and Enhancements

  • 2016-06-10 19b9413 Use injector for MemberLoginForm fields (Daniel Hensby)
  • 2016-05-15 c401d9d added hide_from_cms_tree and hide_from_hierarchy (John Milmine)
  • 2015-02-11 dae2295 Allow the paddedresize to take another hex value to specify a transparency on the padded color (Nick)

Bugfixes

  • 2016-11-24 a4760b8 Fixed issue where a shortcode's location would not get set to split when using the class leftAlone (UndefinedOffset)
  • 2016-11-23 03b4e6e Tests shouldnt set date or time format to null (Daniel Hensby)
  • 2016-11-09 ebae480 Fix regression in aggregate column lookup from #6199 (Damian Mooyman)
  • 2016-11-09 6bf36fb Correct return type for Member::currentUser() (Loz Calver)
  • 2016-11-04 dd9ade4 UploadField incorrectly setting max upload size (Daniel Hensby)
  • 2016-11-03 edfe514 Ensure that builds use the 3.4 dependencies. (Sam Minnee)
  • 2016-11-03 135a647 Ensure that builds use the 3.4 dependencies. (Sam Minnee)
  • 2016-11-01 c61d61d default_records are no longer inherited to child classes (Daniel Hensby)
  • 2016-10-30 747bd4c filterAny error message now refers to correct method name (Daniel Hensby)
  • 2016-10-22 bec5adf Versioned sort by ID (Jonathon Menz)
  • 2016-10-19 b0445f7 Ambiguous column SQL error (Jonathon Menz)
  • 2016-10-16 fe81607 Make simplexml_load_file work on shared php-fpm (Nicola Fontana)
  • 2016-10-11 7368dec Fix issue with SS_List as datasource for dropdown field (Damian Mooyman)
  • 2016-10-07 ae83b7b History controller now shows right comparison versions (Daniel Hensby)
  • 2016-10-04 797be6a Revert natural sort (Jonathon Menz)
  • 2016-10-04 6dde5ce Absolute alternate_base_url no longer breaks session cookies (Daniel Hensby)
  • 2016-10-03 98d95cd Sort order for duplicated child pages is now retained (Daniel Hensby)
  • 2016-09-29 ae4108b Content-Disposition header breaks in Firefox (#4087) (Anton Smith)
  • 2016-09-19 32d1856 Debug::caller() will now handle errors from outside function calls (#6029) (Daniel Hensby)
  • 2016-09-19 d2d770c Frontend UploadField wouldn't call ssdialog (Cristian Torres)
  • 2016-09-14 cd8904e ing button destroy bug (3Dgoo)
  • 2016-09-12 a14df0b Force line endings to LF on sake file (Daniel Hensby)
  • 2016-09-06 e7ecf6c Bad strpos call in HTTP::register_etag() (Daniel Hensby)
  • 2016-09-01 f2ed59e Empty dmyfields on DateField now validate as true (Daniel Hensby)
  • 2016-08-22 59be597 #1052 (Daniel Hensby)
  • 2016-08-22 4998b80 ArrayList sorting now caseinsensitive (Daniel Hensby)
  • 2016-08-15 95c640a Fix regression in FormField casting (Damian Mooyman)
  • 2016-08-15 5ad8157 Fix regression in FormField casting (Damian Mooyman)
  • 2016-08-15 a6a9cd7 Fix regression in FormField casting (Damian Mooyman)
  • 2016-08-11 d4114b3 include related fields on canFilter() check (Jonathon Menz)
  • 2016-08-09 63fc4db Fix extra border in page settings (Damian Mooyman)
  • 2016-08-07 86add3e Use create syntax for CMSMemberLoginForm remember me form (Daniel Hensby)
  • 2016-08-04 5fcdf8c don't look in node_modules (Michael Strong)
  • 2016-08-03 a84a1b7 es issue #32 (Access tab JS) (Colin Tucker)
  • 2016-07-28 56f0b72 ETag header now properly quoted (Daniel Hensby)
  • 2016-07-15 9282662 ing bad syntax from PR (Daniel Hensby)
  • 2016-07-15 3662240 Allow caching of false config values (Fixes #4755) (#4762) (Sam Minnée)
  • 2016-07-08 74c555e for #5784: Added ->setReplyTo(), deprecated ->replyTo() for API consistency. Revamping, fixing, and enhancing internal Email API documentation. Simplified code and brought up-to-date with latest standards. (Patrick Nelson)
  • 2016-07-05 9afd602 calling $record->write() breaks other 3rd party fields that write to an UnsavedRelationList. (Jake Bentvelzen)
  • 2016-07-04 637167f Fix missing icons (Damian Mooyman)
  • 2016-06-09 3bb32eb Tests need the DB (Daniel Hensby)
  • 2016-06-09 68c4040 No longer hardcoding admin links (Daniel Hensby)
  • 2016-06-03 429ce55 ViewableData::setFailover() didn't remove cached methods (Loz Calver)
  • 2016-06-01 8a58041 Remove default from address for error emails (Sam Minnee)
  • 2016-05-27 11aad47 invalid syntax in TinyMCE config (#5593) (Loz Calver)
  • 2016-05-19 b1df9dc check that we have a token and a UID before attempting a member auto login (Stevie Mayhew)