Version 4 supported



PHP 7.1 is the minimum supported version

Starting with this release, PHP 5.6 and 7.0 are no longer supported, so 7.1 is the lowest supported version. Prior releases will keep supporting older PHP versions for their lifetime.

Apache >=2.4 is now recommended

The CMS recipes for new application installations and some of our asset migration scripts now generate ".htaccess" files using the Apache 2.4 syntax. This only affects auto-generated files, not existing ".htaccess" files. Apache 2.2 reached its EOL in 2017, so we no longer proactively support it. You may also amend any auto-generated ".htaccess" files manually if you want to run the CMS on different software.

Installer UI has been removed

Until now, core releases of Silverstripe CMS would put an install.php file in the public root that, when accessed with a browser, would offer an installation UI prompting the user for all the necessary configuration of your project and environment, and validating it before performing the installation.

While this may be an important part of the onboarding experience for newcomers to SilverStripe, it is an unnecessary artefact and potential security risk for the vast majority of developers who install SilverStripe with composer and their own environment files.

The installer UI will continue to live on under the name "installer-wizard" in a separate package, which can be added incrementally to core recipe installation, using composer require silverstripe/installer-wizard. It is no longer a commercially supported module.
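A post-upgrade check for the two points above (auto-generated ".htaccess" files now use Apache 2.4 syntax, and install.php is no longer shipped), as an added example that is not part of the Silverstripe release or its tooling. It lists Apache 2.2-style access directives still present in ".htaccess" files and any install.php left in the web root; the function names and the `public/` layout are assumptions.

```shell
#!/bin/sh
# Added example (not Silverstripe code): post-upgrade audit of a project directory.
# Assumption: the web root is the project directory itself or its public/ folder.

# Print "file:line:text" for each Apache 2.2-style access directive (Order,
# Allow from, Deny from, Satisfy) in .htaccess files under $1. The pattern is
# anchored at line start, so commented-out directives are not reported.
legacy_htaccess_directives() {
    find "$1" -type f -name .htaccess -exec grep -nEi \
        '^[[:space:]]*(Order[[:space:]]+(allow|deny)|(Allow|Deny)[[:space:]]+from[[:space:]]|Satisfy[[:space:]])' \
        /dev/null {} + || :
}

# Print the path of any install.php left in the project root or public/.
leftover_installer() {
    for f in "$1/install.php" "$1/public/install.php"; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Run both checks; return 0 when clean, 1 when something needs review.
audit() {
    legacy=$(legacy_htaccess_directives "$1")
    installer=$(leftover_installer "$1")
    if [ -n "$legacy" ]; then printf '%s\n' "$legacy" | sed 's/^/LEGACY-ACL /'; fi
    if [ -n "$installer" ]; then printf '%s\n' "$installer" | sed 's/^/INSTALLER  /'; fi
    [ -z "$legacy$installer" ]
}

# Constructed sample tree: a 2.2-style file, a 2.4-style file, a stale installer.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/public/assets"
    printf 'Order deny,allow\nDeny from all\n# Allow from 10.0.0.0/8\n' \
        > "$d/public/assets/.htaccess"
    printf '<Files "*.php">\n    Require all denied\n</Files>\n' > "$d/public/.htaccess"
    : > "$d/public/install.php"
    printf '%s\n' "$d"
}

# Audit the directory given as $1, or the constructed sample when none is given.
if [ $# -gt 0 ]; then
    audit "$1"
else
    sample=$(make_sample_tree) && { audit "$sample" || :; rm -rf "$sample"; }
fi
```

Files that wrap the old directives in a compatibility block are reported too, since each hit is meant to be reviewed by hand rather than rewritten automatically.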

Archive downloads have been removed

Silverstripe CMS has gradually switched from using file archives to installation via Composer. This enabled a much more diverse module ecosystem, with clear dependency management and greater ability to check and enforce constraints and semantic versioning.

Starting with this release, we are no longer publishing silverstripe/installer as a file archive download on If your workflow relied on these downloads, please switch to using Composer. See #9232 for details.

Generic login form styling

Login forms in Silverstripe CMS are traditionally embedded in your page template. This often requires style adjustments in your website, for example, to cover variations such as error messages and validation feedback. It also complicates more advanced login flows such as multi-factor authentication.

Starting with this release, you can install the silverstripe/login-forms module. It provides generic styles which look great without any adjustments. You can choose to add your own logo or customise the templates. The URLs to login functionality have not changed (e.g. Security/login).

Existing Silverstripe CMS websites upgrading to this release can opt into using login forms via composer:

composer require silverstripe/login-forms

Note that any customisations you might have in or Layout/ no longer apply when this module is installed. If you have customised the login process by adding form fields, or through custom handlers such as SAML or LDAP, you'll need to review those before starting to use the module.

Starting with Silverstripe CMS 4.6 this module will be included in new installations by default.

New PasswordExpirationMiddleware now proactively invalidates members with expired passwords

A new PasswordExpirationMiddleware has been implemented. It checks the passwords of authenticated users for expiration and either enforces a redirection to a change password form, or resets the user for the request being processed (sets the current user to null).

This is considered to be a security enhancement, but it might interfere with custom logic around password expiration, if you have implemented any.

Ideally, you should test your setup when upgrading if you use the password expiration functionality.

If you'd like to deactivate the middleware, you can unregister it in your application config like this:

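---
Name: disable-passwordExpirationMiddleware
After:
  - '#coresecurity'
---
SilverStripe\Core\Injector\Injector:
  SilverStripe\Control\Director:
    properties:
      Middlewares:
        PasswordExpirationMiddleware: null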


  • PasswordValidator methods minLength, characterStrength, and checkHistoricalPasswords are now deprecated from 4.5.0 onwards (previously 5.0).

Change Log

API Changes

  • 2019-10-31 e2bea6b41 Add withConfig method (#9011) (Mojmir Fendek)
  • 2019-10-09 e236ce5 Add onBlur and onFocus handlers to Input field (Maxime Rainville)
  • 2019-08-06 4380d7d15 Add option to disable user-agent header session validation (Maxime Rainville)
  • 2019-06-18 83661c7 Add deprecation warnings to Versioned::VersionsList() and allVersions() (Robbie Averill)
  • 2019-05-30 0520d7746 checkHistoricalPasswords(), characterStrength() and minLength() are now correctly deprecated from 4.5.0 onwards (#9008) (Guy Marriott)
  • 2019-05-27 9bfce8c1a Add extension points to MigrateFileTask (#8994) (Maxime Rainville)
  • 2019-05-24 d87377995 checkHistoricalPasswords(), characterStrength() and minLength() are now correctly deprecated from 4.5.0 onwards (Robbie Averill)
  • 2019-05-23 5184cb9 Bump minimum PHP version to 7.1 (Robbie Averill)
  • 2019-05-23 c262dd3 Bump minimum PHP version to 7.1 (Robbie Averill)
  • 2019-05-23 002cb6b Bump minimum PHP version to 7.1 (Robbie Averill)
  • 2019-05-23 ac3534404 Drop PHP 5.6 and PHP 7.0 support in SS 4.5 (Sam Minnee)

Features and Enhancements

  • 2019-11-13 fbc5ca2 Tweak attribute filter logic to allow 'falsey' values (Garion Herman)
  • 2019-10-24 0173abc Add Injector.init callback (#974) (Aaron Carlino)
  • 2019-10-22 bed3f2b3c Add type declarations to Tip API, add TippableFieldInterface (Garion Herman)
  • 2019-10-22 195417b06 Extract Tip from TextField, add test coverage (Garion Herman)
  • 2019-10-21 e0f919d Add HTML editor button to switch to image size preset (#1018) (Maxime Rainville)
  • 2019-10-21 e59625fe5 Add ability to define image size preset for the TinyMCE editor. (#9276) (Maxime Rainville)
  • 2019-10-21 530b86e Add tip to Alt Text field in Insert Media dialog (Garion Herman)
  • 2019-10-17 ce97ec1 Add tests for Tip component, fix proptypes and story (Garion Herman)
  • 2019-10-15 3c7ba6d Extract Tip UI to independent component, add knobs to TextField (Garion Herman)
  • 2019-10-11 bbc6854 Tweak Tip UI render methods, remove autoOpen, add importance prop (Garion Herman)
  • 2019-10-11 efc7ba952 Tweak TextField Tip API to match changes to component (Garion Herman)
  • 2019-10-09 b4d2b92 Add Tip UI to InputField component, document on TextField (Garion Herman)
  • 2019-10-09 08a0811 Update icon font with new lamp, flag and ticket icons (Garion Herman)
  • 2019-10-09 74c350a Add Download file action to file meatballs button (#1011) (Andre Kiste)
  • 2019-10-08 4bb83ee Add Markdown loader to Pattern Library for advanced docs (Garion Herman)
  • 2019-10-06 a44bc5bcf Add support for Tip UI in TextField (Garion Herman)
  • 2019-10-02 c437316 UploadField dropzone validates filesize before uploading (Serge Latyntcev)
  • 2019-10-01 904b677 Enable 'upload_folder_id' config to set dialog folderid (#1009) (Damian Mooyman)
  • 2019-09-29 58c080db5 Option placeholder for upload folder id (#9262) (Damian Mooyman)
  • 2019-09-16 bcbf90a83 Introduce supported database transaction mode check (Michal Kleiner)
  • 2019-09-12 233e0e7aa PasswordExpirationMiddleware implementation (#9207) (Serge Latyntsev)
  • 2019-09-11 da6582f59 Remove web installer, move to separate package (#9231) (Aaron Carlino)
  • 2019-09-06 22a6a5b1e Add getLastName() method to Member.php (#9222) (Hels666)
  • 2019-08-20 c6f2070 Add a canMove callback which makes it possible to add conditional logic before moving nodes around the tree (bergice)
  • 2019-08-19 759601741 Use templates to render embed shortcodes (closes #8762) (Loz Calver)
  • 2019-08-02 7533ac709 HTTPRequest now has hasSession() to determine whether a ses… (#9159) (Guy Marriott)
  • 2019-08-01 0672f8b76 HTTPRequest now has hasSession() to determine whether a session exists for it (Robbie Averill)
  • 2019-07-26 be4ff49 Enhancement / Update travis config to use Xenial (Serge Latyntcev)
  • 2019-07-22 dd21ce2 Add universal permission checking for queries (#222) (Aaron Carlino)
  • 2019-07-21 cb91f5fa0 Added SRI support for Requirements::css, Requirements::javascript (#9139) (Chee Wai)
  • 2019-07-08 ec66d366d Deprecated PDO in favour of native drivers (#9052) (Guy Marriott)
  • 2019-07-05 6c9c6cd Large thumbnails fallback on URL (#964) (Aaron Carlino)
  • 2019-07-05 844d2ef13 DBDate and DBDatetime now support modify() with a strtotime() style adjustment string (#9105) (Robbie Averill)
  • 2019-07-02 571a4d9ac Added support for config condition if PHP extension is loaded (UndefinedOffset)
  • 2019-06-11 a968e7a Change .env.example to default to MySQL native driver (Sam Minnee)
  • 2019-06-11 27ace0327 Deprecated PDO in favour of native drivers (Sam Minnee)
  • 2019-05-28 b7c2491 Allow error pages for 402 and 451 status codes (Elliot Sawyer)
  • 2019-05-27 a7f0b5a Add technical message to error page on dev environments (Sam Minnee)
  • 2019-05-15 350888bf5 Adding a shuffle method to ArrayList (#8984) (Guy Marriott)
  • 2019-05-09 43b8000 Disable legacy resolution for new projects (#253) (Maxime Rainville)
  • 2019-05-02 5dc57518c Filter out authenticators that are falsy (Indy Griffiths)
  • 2019-04-30 fec0b4c Added ability to disable type caching on flush (Guy Marriott)
  • 2019-04-17 2d298d4 Add VersionedBadge for displaying versioning states in the CMS (Robbie Averill)
  • 2019-03-12 3a6a6e485 Add PHP 7.4’s daily snapshot to the travis suite. (Sam Minnee)


Bugfixes

  • 2019-11-26 ed5dbc725 Fix extra blank Group being created when creating a new Group (#9325) (Andre Kiste)
  • 2019-11-18 8be36604 Linting failure (Garion Herman)
  • 2019-11-13 ea2a2b478 Adjust HTMLEditorField tests to support alt attr changes in assets (Garion Herman)
  • 2019-11-12 9648801 Gracefully handle lack of actions in HistoryViewer (Serge Latyntcev)
  • 2019-11-12 7045082a Cache page icons (#2493) (Adrian Humphreys)
  • 2019-11-07 3a00ecc Lowercase PHPUnit in composer.json to allow packagist to resolve 1.2.x-dev (Maxime Rainville)
  • 2019-11-05 c4c688f Do not include moment locales in bundle (Maxime Rainville)
  • 2019-10-31 f47ff4c Fix toast popping up forever (bergice)
  • 2019-10-28 f03b3a0 fixed creating multiple duplicate data objects (#961) (Guy Marriott)
  • 2019-10-23 15b21fc Remove deprecated uppercase characters from composer.json (#982) (Garion Herman)
  • 2019-10-23 5fc94b9 Revert scope change of TreeDropdownField hack and suppress linter (Garion Herman)
  • 2019-10-22 c96b7be Use arrow syntax to avoid unnamed function linting error (Garion Herman)
  • 2019-10-21 626d7c9 Update changelog template location config (Garion Herman)
  • 2019-10-20 2496de6 Fix ModelAdmin ignoring page_length (Damian Mooyman)
  • 2019-10-20 9004b50 Tidy variable use, shift padding out of example in Tip story (Garion Herman)
  • 2019-10-20 7a54920 Translate Tip aria-label, add docs, improve knobs (Garion Herman)
  • 2019-10-09 57e481f Add support for disabling the smallfield holder label on react FieldGroup (Maxime Rainville)
  • 2019-10-09 eb369ed Gracefully handle lack of versions in HistoryViewer (Serge Latyntcev)
  • 2019-10-08 3a3705d archive relationships, not related objects (Dylan Wagstaff)
  • 2019-10-07 d182f06 Minor code formatting improvement. (Maxime Rainville)
  • 2019-10-03 f1594fd99 Ensure that canCreate() context matches that respected by GridFieldAddNewButton (Damian Mooyman)
  • 2019-10-03 b3ccd48 Remove buggy code from LeftAndMain Breadcrumb (Maxime Rainville)
  • 2019-10-02 7db524bd9 DebugViewFrendlyErrorFormatter handle of admin_email (Serge Latyntcev)
  • 2019-09-30 be44178 fixed creating multiple duplicate data object by locking out save button on submit (Makreig)
  • 2019-09-30 daf995da6 Fix syntax error in DataList docs (Loz Calver)
  • 2019-09-29 2799265 Honour AssetAdminFile insert dimensions when inserting a new image (#1015) (Maxime Rainville)
  • 2019-09-29 f475826 Fix inlinting issue (Maxime Rainville)
  • 2019-09-29 30d816e Flush cache before every test in Sha1FileHashingServiceTest (Maxime Rainville)
  • 2019-09-29 52b2b3a Fix minor typos in the comments (Maxime Rainville)
  • 2019-09-26 959da81 Store the timestamp in the cache (Maxime Rainville)
  • 2019-09-25 255bf2f JSTree error if callback isn't passed (fixes #958) (Loz Calver)
  • 2019-09-24 fb36e03 Search for both Save and Apply change when running behat tests (Maxime Rainville)
  • 2019-09-24 f110bec Force alt attribute to render, remove fallback to image Title (Garion Herman)
  • 2019-09-23 aa7c05742 Don't force-add view button to readonly GridField (fixes #… (#9254) (Guy Marriott)
  • 2019-09-23 190b2f284 run member CMS validator when editing via groups (fixes #9… (#9255) (Guy Marriott)
  • 2019-09-23 efdb9cc71 run member CMS validator when editing via groups (fixes #9184) (Loz Calver)
  • 2019-09-23 d85ff3bc4 Don't force-add view button to readonly GridField (fixes #9249) (Loz Calver)
  • 2019-09-23 a2ddef0 Fix build (Maxime Rainville)
  • 2019-09-23 a6a108b Fix bad description for bulk delete actions (Maxime Rainville)
  • 2019-09-23 f177606 Update Apache .htaccess for new access directives (Dylan Wagstaff)
  • 2019-09-23 3f96b28 Fix broken existing tests (Maxime Rainville)
  • 2019-09-11 51f05c0 Fix Used On tab showing file links (bergice)
  • 2019-09-10 3510cc0 Add a status column to the table view (#980) (Maxime Rainville)
  • 2019-09-08 c16556158 Fix typos (Maxime Rainville)
  • 2019-09-06 f788a8a92 Member::getLastName() now correctly returns the Member surn… (#9226) (Guy Marriott)
  • 2019-09-06 e8c2f963f Member::getLastName() now correctly returns the Member surname (Robbie Averill)
  • 2019-08-28 10c10d5 When using the esc key to exit a popover, refocus to the target element (Maxime Rainville)
  • 2019-08-22 8e307292 Disable caching on page previews (CMSPreviews or stage=Stage) (Garion Herman)
  • 2019-08-19 cddd423 Sort action menus using numeric values rather than boolean (Maxime Rainville)
  • 2019-08-16 9d44a3b Optimise AssetAdminFile::nestedFolderIDs (Guy Marriott)
  • 2019-08-13 f8506c1 re-enable ability to insert anchors (Dylan Wagstaff)
  • 2019-08-12 d9cc265 Set better order for insert link menu (Maxime Rainville)
  • 2019-08-12 4960cc35 Set better order for insert link menu (Maxime Rainville)
  • 2019-08-12 d0f94b3 Set better order for insert link menu (Maxime Rainville)
  • 2019-08-02 6ec02da57 Allow multi-line content in grid field cells (Sam Minnee)
  • 2019-08-02 d088354f4 Write relations when saving in grid-field item edit form (Sam Minnee)
  • 2019-07-26 89eb6c88b Do not try and load fixtures from directories, fixes PHP 7.4 build errors (Robbie Averill)
  • 2019-07-24 d1c927ff2 Remove curly brace access to string offsets, deprecated in PHP 7.4 (Robbie Averill)
  • 2019-07-19 79fa61edf Type safety on nullable argument, fixes PHP 7.4 test (Robbie Averill)
  • 2019-07-18 2287da9 Fix ambiguous UploadField labels (Jonathon Menz)
  • 2019-07-17 c11d0f3 Resolving an issue where no .stories.js file would error (Guy Marriott)
  • 2019-07-10 f4913c5 Refresh icons (#905) (Guy Marriott)
  • 2019-07-10 04077d6 Refresh icons. (Maxime Rainville)
  • 2019-06-30 a638651 Fix some inconsistencies in the GraphQL docs. (bergice)
  • 2019-06-26 8917545 /NEW: Stories are now fetched dynamically from related modules (Guy Marriott)
  • 2019-06-23 6425852 Fix the TagsToShortcodeTask segment so it matches the class name, like every other BuildTask we have. (#297) (Andre Kiste)
  • 2019-06-18 e652b3e42 fix #9075 log example yml-config in docs (lerni)
  • 2019-06-17 093c3cf Hide iframe while loading in preview component (Guy Marriott)
  • 2019-06-14 1ee03da65 Fix PHPUnit operation on PHP 7.4 (Sam Minnee)
  • 2019-06-14 ea04c8c Remove unused gzip tinymce third party lib (Maxime Rainville)
  • 2019-06-14 abce98886 Temporarily allow PHP 7.4 build to fail without failing the entire build (Maxime Rainville)
  • 2019-06-13 b3093b7a1 Allow state to be shared across nested GridFields (Aaron Carlino)
  • 2019-06-10 654156d46 Fix bug when confirmed password is changed but not the password. (#9012) (Sam Minnée)
  • 2019-06-05 acfb84e Update modal designs to match design pattern library (Guy Marriott)
  • 2019-05-28 469e7ca0 Make test comparison less brittle in MigrateSiteTreeLinkingTaskTest (Sam Minnee)
  • 2019-05-27 7ef604807 Enable file hash caching when running the file migration task (#8993) (Maxime Rainville)
  • 2019-05-27 983d36b7e Better message when form action handler not found. (Sam Minnee)
  • 2019-05-27 7407096e9 List default items in the readonly view of ListboxField (Sam Minnee)
  • 2019-05-20 3142b35 #42: Remove excess RewriteCond and clean up comments to reflect current functionality. (Patrick Nelson)
  • 2019-05-17 1b3a4aea Page Type listed in Page Type dropdown when $can_be_root is false (Nic Horstmeier)
  • 2019-05-14 368c88d59 Fix link to related lesson (Federico Jaramillo Martínez)
  • 2019-05-14 207cf75dc Fix link to npmjs (Federico Jaramillo Martínez)
  • 2019-05-14 08e08160c Fix link to es6features (Federico Jaramillo Martínez)
  • 2019-05-10 ce9f6e3 Add offending class to exception message (Guy Marriott)
  • 2019-05-10 db5b2f8 Fix OptionField component title generation (Serge Latyntcev)
  • 2019-05-08 8a7327b Fix travis dependencies (Aaron Carlino)
  • 2019-05-06 4d21f34 Fix composer.json merge (Aaron Carlino)
  • 2019-04-29 cfba4cb Fixed core dependency to 4.x-dev (Ingo Schommer)
  • 2019-04-29 f02c756 Remove unused variable (Guy Marriott)
  • 2019-04-15 f63973f Disable unneeded File ID Helper on new project (Maxime Rainville)
  • 2019-04-09 91f168955 Fix reference to webconfig.php, an invalid file (Matt Peel)
  • 2019-02-01 031740e Scrolling out of auto-selected edit mode not switches back to split mode (Robbie Averill)