Version 3
end of life
This version of Silverstripe CMS will not recieve any additional bug fixes or documentation updates.
Go to documentation for the most recent stable version.
3.0.7-rc1
Overview
Security: XSS in form validation errors (SS-2013-008)
See announcement
Security: XSS in CMS "Pages" section (SS-2013-009)
See announcement
API: Form validation message no longer allow HTML
Due to cross-site scripting concerns when user data is used for form messages,
it is no longer possible to use HTML in Form->sessionMessage()
, and consequently
in the FormField->validate()
API.