5.4.0#

Overview#

• Security considerations

• Features and enhancements

  • Sudo mode for sensitive data
  • Logged warning if allowed hosts have not been configured
  • New XssSanitiser class
  • Option to change ClassName column from enum to varchar
  • Reports quality of life updates
  • New class_description configuration on DataObject
  • oEmbed sandboxing
  • UX improvement for unique indexes
  • Other new features
• API changes
• Bug fixes

Security considerations#

This release includes several security fixes. Review the individual vulnerability disclosure for more detailed descriptions of each security fix. We highly encourage upgrading your project to include the latest security patches.

We have provided a severity rating of the vulnerabilities below based on the CVSS score. Note that the impact of each vulnerability could vary based on the specifics of each project. You can read the severity rating definitions in the Silverstripe CMS release process.

• CVE-2025-25197 XSS attack in elemental "Content blocks in use" report Severity: Medium
• CVE-2025-30148 XSS vulnerability in HTML editor Severity: Medium
• SS-2025-001 User enumeration via timing attack Severity: Medium

Released in January 2025#

Three security fixes that were previously released in the January security release are mentioned in the Silverstripe CMS security patches January 2025 blog post are listed below.

• CVE-2024-47605 - XSS via insert media remote file oembed Severity: Medium
• CVE-2024-53277 - XSS in form messages Severity: Medium
• SS-2024-002 - Reflected Cross Site Scripting (XSS) in error message Severity: None

Features and enhancements#

Sudo mode for sensitive data#

Some data managed by the CMS is always considered sensitive from a security point of view, such as member data and permissions assigned to groups. Data of this nature is now protected by default by "sudo mode" in the CMS. When a user tries to edit sensitive data, they will be prompted to enter their password to confirm their identity.

This change was made to provide an extra layer of protection against cross site scripting (XSS) attacks, as well as people maliciously using someone elses computer left unattended in a logged-in state.

Users will still be able to view sensitive data without entering their password as they could before. Previously "sudo mode" only protected a member's MFA settings. Now the following DataObject subclasses are also protected by sudo mode:

• Member
• Group
• PermissionRole
• PermissionRoleCode

You can also add sudo mode to your own DataObject subclass by setting the DataObject.require_sudo_mode configuration property to true. For example:

SomeModule\Model\Player:
  require_sudo_mode: true

Previously sudo mode was automatically activated when a user logged in, which largely negated the value the feature provided. This has now been changed so that users will always have to enter their password to activate sudo mode the first time they reach a sensitive area of the CMS.

There is still a configurable grace period where, after entering your password to activate sudo mode, it will remain active for a short time.

If you run end-to-end tests on the CMS which involve editing sensitive data you may need to update your tests to account for this change. If you use behat there are instructions for how to use an extension to automatically activate sudo mode in a feature file.

Learn more about sudo mode in the developer docs.

Logged warning if allowed hosts have not been configured#

If your site does not have one of the following configured, then a warning will now be logged on every request:

• SS_ALLOWED_HOSTS environment variable
• AllowedHostsMiddleware.AllowedHosts property

The "host" header is used by Silverstripe CMS to determine what the host name is for your project. This is useful when creating absolute URLs, e.g. for use in emails.

Notably this is used in Director::host(), which in turn is called by many methods including Director::hostName(), Director::protocolAndHost(), Director::is_site_url(), and Director::absoluteURL().

Ideally your hosting will reject invalid host headers. For example Apache allows you to define valid hosts as part of the virtual host configuration, and a Web Application Firewall (WAF) can also be configured to validate the host header. However if your hosting is set to allow any host header, your project might be vulnerable to host header injection attacks.

You should configure Silverstripe CMS to validate the host header, which is an extra layer of protection against this type of attack. While you should have appropriate validation at a hosting level, it is best practice to also configure this in your project.

This configuration has existed since 2016, but we've been alerted that many projects still have not configured their hosting nor their project to adequately validate host headers. To help prompt developers, we've added a warning which will be logged if the configuration is not set.

You can learn more about the relevant configuration in the secure coding documentation.

New XssSanitiser class#

By far the most common type of security vulnerability that gets reported to us is XSS vulnerabilities. In many cases we can remove the vulnerability vector by disallowing HTML altogether, or by removing HTML specifically from user-provided input. Sometimes we need to allow HTML content from the user, such as in the WYSIWYG editor in the CMS - and in those cases we can mitigate XSS vulnerabilities by removing specific XSS attack vectors from the HTML content.

To help with this, we've added a new XssSanitiser class, which removes some known XSS attack vectors from HTML content. Note that this should be used only in scenarios where the HTML content can't be completely removed, and should not be considered a complete protection against all XSS attack vectors but rather as simply one of many tools in your security tool box.

Option to change ClassName column from enum to varchar#

On websites with very large database tables it can take a long time to run dev/build, which can be a problem when deploying changes to production. This is because the ClassName column is an enum type which requires an a ALTER TABLE query to be run affecting every row whenever there is a new valid value for the column. For a very rough benchmark, running an ALTER TABLE query on a database table of 10 million records took 28.52 seconds on a mid-range 2023 laptop, though this time will vary depending on the database and hardware being used.

This release introduces a new configuration option to change the ClassName column to a varchar type which removes the need to run ALTER TABLE whenever there is a new valid value.

Enabling this will result in a trade-off where the size of the database will increase by approximately 7 MB per 100,000 rows. There will also be a very slow initial dev/build as all of the ClassName columns are switched to varchar. To enable this, add the following configuration:

SilverStripe\ORM\DataObject:
  fixed_fields:
    ClassName: DBClassNameVarchar

SilverStripe\ORM\FieldType\DBPolymorphicForeignKey:
  composite_db:
    Class: "DBClassNameVarchar('SilverStripe\\ORM\\DataObject', ['index' => false])"

Reports quality of life updates#

Numerous slight adjustments have been made to the ReportAdmin class for a better experience.

The changes include:

• Search capability added (making use of PartialMatchFilter)
• Sorting by columns now posssible
• Default Sort is now Title ASC
• Reports list is now paginated
• Description is now displayed in the list as a column

New class_description configuration on DataObject#

SiteTree and BaseElement both seperately implemented a description configuration property which was used to describe the purpose of a given subclass. For SiteTree this is used when creating a new page in the CMS. For BaseElement this is used in the elemental blocks report. In both cases the purpose is the same - it provides additional context about the intended use case for a given subclass.

We've now implemented this concept in DataObject directly with the new DataObject.class_description configuration property. It is now considered best practice to add a description of DataObject subclasses using this configuration. You can use the new DataObject::classDescription() and DataObject::i18n_classDescription() methods if you need a description of any DataObject class. Those methods already existed on SiteTree but have been moved up the hierarchy so they can be called on any DataObject class.

For now this is only used in the same places that used to use the deprecated configuration, but future minor releases are likely to broaden the scope of its usage.

As a part of this change, the SiteTree.description and BaseElement.description configuration properties are now deprecated. Use class_description instead.

The SilverStripe\CMS\Model\SiteTree.DESCRIPTION localisation key (along with the .DESCRIPTION suffix for any SiteTree subclass) will stop being used in a future major release. Use SilverStripe\CMS\Model\SiteTree.CLASS_DESCRIPTION instead.

oEmbed sandboxing#

As part of the fix for the security vulnerability CVE-2024-47605 we have added a new feature to sandbox returned oEmbed HTML content in an iframe tag.

You can explicitly declare domains which should be excluded from sandboxing if you find it is interfering with embeds from specific domains. For example if a YouTube embed was not rendering correctly as a result of the sandboxing you could use this YAML configuration:

SilverStripe\View\Shortcodes\EmbedShortcodeProvider:
  domains_excluded_from_sandboxing:
    - 'youtube.com'

Do not include the protocol (i.e. don't include https:// or http://).

You can also change the attributes of the iframe itself with this YAML configuration:

SilverStripe\View\Shortcodes\EmbedShortcodeProvider:
  sandboxed_iframe_attributes:
    allow: 'fullscreen'

UX improvement for unique indexes#

It has been possible to create unique indexes for DataObject models for a long time in Silverstripe CMS, but when these unique indexes were violated (i.e. a user tried to create a duplicate record), there was no UX feedback in the CMS.

Violating a unique index will now throw a new DuplicateEntryException exception which you can catch and handle to produce appropriate validation messages.

If the violation happens when calling DataObject::write(), the exception will be caught and a ValidationException will be thrown instead. The CMS catches any ValidationException and displays them as user friendly validation errors in edit forms.

See indexes to learn about indexes in Silverstripe CMS.

Other new features#

• A new BaseKernel::getBooted() method has been added for checking whether the kernel has been booted yet or not.
• A new CoreKernel::setBootDatabase() method has been added to replace the now deprecated DatabaselessKernel class.

• Two new methods have been added to ArrayLib:

  • ArrayLib::insertBefore() for inserting a value before another value in an array
  • ArrayLib::insertAfter() for inserting a value after another value in an array
• A new DBDatetime::getTimeBetween() method has been added. This method returns the amount of time that has passed between two DBDateTime objects as a human-readable string.
• A new AbstractQueuedJob::getQueue() static method has been added to get the correct queue constant from a given string or int.
• New GridFieldFilterHeader::setPlaceHolderText() and GridFieldFilterHeader::getPlaceHolderText() methods have been added which provide a way to override the GridFieldFilterHeader search field placeholder text if the dynamically generated text doesn't suit your use case.
• RequiredFields can be to set to determine whether a whitespace only value, such as a single space character, is considered a valid value or not. This can be set globally via the RequiredFields.allow_whitespace_only config, which has a default value of true to retain backwards compatibility. This can also be set on a per-instance basis via RequiredFields::setAllowWhitespaceOnly() which will override the global config. See form validation docs for more details.

API changes#

Return type changes in composer plugins#

We have made an exception to our definition of public API by adding a return type to the execute() method in the symfony commands for silverstripe/vendor-plugin and silverstripe/recipe-plugin.

The exception was made for the following reasons:

• This change ensures CMS 5 can continue to be installed in scenarios where Composer is installed with Symfony 7. This can be done manually, and is also likely to be a future default.
• The likelihood of someone subclassing the relevant classes is very low.
• For installations of installer with earlier versions of Symfony this won't cause any problems, since PHP allows return types to be more specific in subclasses. This is known as covariance.

Deprecated API#

• The class names for the TopPage feature in dnadesign/silverstripe-elemental do not follow the correct naming convention for Silverstripe CMS. The existing classes have been deprecated and will be renamed to match the correct naming convention in a future major release.
• SilverStripe\ORM\ArrayLib has been deprecated. It will be renamed to SilverStripe\Core\ArrayLib
• SilverStripe\ORM\ArrayList has been deprecated. It will be renamed to SilverStripe\Model\List\ArrayList
• SilverStripe\ORM\Filterable has been deprecated. It will be merged into SS_List.
• SilverStripe\ORM\GroupedList has been deprecated. It will be renamed to SilverStripe\Model\List\GroupedList
• SilverStripe\ORM\Limitable has been deprecated. It will be merged into SS_List.
• SilverStripe\ORM\ListDecorator has been deprecated. It will be renamed to SilverStripe\Model\List\ListDecorator
• SilverStripe\ORM\Map has been deprecated. It will be renamed to SilverStripe\Model\List\Map
• SilverStripe\ORM\PaginatedList has been deprecated. It will be renamed to SilverStripe\Model\List\PaginatedList
• SilverStripe\ORM\Sortable has been deprecated. It will be merged into SS_List.
• SilverStripe\ORM\SS_List has been deprecated. It will be renamed to SilverStripe\Model\List\SS_List
• SilverStripe\ORM\ValidationException has been deprecated. It will be renamed to SilverStripe\Core\Validation\ValidationException
• SilverStripe\ORM\ValidationResult has been deprecated. It will be renamed to SilverStripe\Core\Validation\ValidationResult
• SilverStripe\View\ArrayData has been deprecated. It will be renamed to SilverStripe\Model\ArrayData
• SilverStripe\View\ViewableData has been deprecated. It will be renamed to SilverStripe\Model\ModelData
• SilverStripe\View\ViewableData_Customised has been deprecated. It will be renamed to SilverStripe\Model\ModelDataCustomised
• SilverStripe\View\ViewableData_Debugger has been deprecated. It will be renamed to SilverStripe\Model\ModelDataDebugger
• CliBypass has been deprecated. It will be removed without equivalent functionality to replace it.
• CliController has been deprecated. It will be replaced with symfony/console commands.
• DatabaselessKernel has been deprecated. Use CoreKernel::setBootDatabase() instead.
• BuildTask.segment has been deprecated. It will be replaced with a new $commandName property.
• BuildTask->description has been deprecated. It will be replaced with a new static property with the same name.
• BuildTask::getDescription() has been deprecated. It will be replaced with a new static method with the same name.
• DevBuildController has been deprecated. It will be replaced with a new SilverStripe\Dev\Command\DbBuild class.
• DevConfigController has been deprecated. It will be replaced with a new SilverStripe\Dev\Command\ConfigDump class.
• DatabaseAdmin has been deprecated. It will be replaced with a new SilverStripe\Dev\Command\DbBuild class.
• DevelopmentAdmin::buildDefaults() has been deprecated. It will be replaced with a new SilverStripe\Dev\Command\DbDefaults class.
• DevelopmentAdmin::generatesecuretoken() has been deprecated. It will be replaced with a new SilverStripe\Dev\Command\GenerateSecureToken class.
• DevelopmentAdmin::getRegisteredController() has been deprecated. It will be removed without equivalent functionality to replace it.
• DevelopmentAdmin.registered_controllers has been deprecated. It will be replaced with new controllers and commands configuration properties.
• CleanupTestDatabasesTask::canView() has been deprecated. It will be replaced with a new canRunInBrowser() method.
• HTTPOutputHandler has been deprecated. It will be renamed to SilverStripe\Logging\ErrorOutputHandler
• Build has been deprecated. It will be replaced with a new SilverStripe\GraphQL\Dev\SchemaBuild class.
• DevelopmentAdmin has been deprecated. It will be removed without equivalent functionality to replace it.
• DevBuildExtension has been deprecated. It will be renamed to SilverStripe\GraphQL\Extensions\DbBuildExtension
• LDAPGroupSyncTask::log() has been deprecated. It will be removed without equivalent functionality to replace it.
• LDAPMemberSyncTask::log() has been deprecated. It will be removed without equivalent functionality to replace it.
• LDAPMigrateExistingMembersTask::log() has been deprecated. It will be removed without equivalent functionality to replace it.
• SubsiteCopyPagesTask::log() has been deprecated. It will be removed without equivalent functionality to replace it.
• CheckExternalLinksTask::log() has been deprecated. It will be removed without equivalent functionality to replace it.
• CheckExternalLinksTask::setSilent() has been deprecated. It will be removed without equivalent functionality to replace it.
• CheckExternalLinksTask->silent has been deprecated. It will be removed without equivalent functionality to replace it.
• RealMeSetupTask::message() has been deprecated. It will be removed without equivalent functionality to replace it.
• StaticCacheFullBuildTask::log() has been deprecated. It will be removed without equivalent functionality to replace it.
• ContentReviewOwnerMigrationTask has been deprecated. It will be removed without equivalent functionality to replace it.
• CronTaskController has been deprecated. It will be replaced with a new SilverStripe\CronTask\Cli\CronTaskCommand class.
• Clear has been deprecated. It will be replaced with a new SilverStripe\GraphQLDevTools\SchemaClear class.
• ConvertTranslatableTask has been deprecated. It will be removed without equivalent functionality to replace it.
• Exception has been deprecated. It will be removed without equivalent functionality to replace it.
• UpdatePackageInfoTask->supportedAddonsLoader has been deprecated. It will be removed without equivalent functionality to replace it.
• UpdatePackageInfoTask::getSupportedAddonsLoader() has been deprecated. It will be removed without equivalent functionality to replace it.
• UpdatePackageInfoTask::setSupportedAddonsLoader() has been deprecated. It will be removed without equivalent functionality to replace it.
• ProcessJobQueueChildTask has been deprecated. It will be replaced with a new Symbiote\QueuedJobs\Cli\ProcessJobQueueChildCommand class.
• ProcessJobQueueTask::getQueue() has been deprecated. Use AbstractQueuedJob::getQueue() instead.
• HTTPOutputHandler::isCli() has been deprecated. Use Director::is_cli() instead instead.
• PasswordValidator has been deprecated. It will be renamed to SilverStripe\Security\Validation\RulesPasswordValidator.
• ContentReviewEmails::isValidEmail() has been deprecated. Use Email::is_valid_address() instead.
• The DBField.defaultVal property has been deprecated. Use DBField::getDefaultValue() and DBField::setDefaultValue() instead.
• DBFile::validate() has been deprecated. Use DBFile::validateFilename() instead.
• ContentController::Menu() has been deprecated. Use ContentController::getMenu() instead if calling the method in PHP. You can continue to use $Menu in templates, including passing arguments to it.
• GridFieldDataColumns::getValueFromRelation() has been deprecated. It will be removed without equivalent functionality to replace it.
• ViewableData::castingClass() has been deprecated. It will be removed without equivalent functionality to replace it.
• ViewableData::escapeTypeForField() has been deprecated. It will be removed without equivalent functionality to replace it.
• ViewableData::objCacheName() has been deprecated. It will be made private. The corresponding ViewableData::objCacheSet() and ViewableData::objCacheGet() methods will change method signature to not require passing in the cache key.
• The $cacheName parameter for the ViewableData::obj() method has been deprecated. It will be removed without equivalent functionality to replace it.
• ViewableData::cachedCall() has been deprecated. Use ViewableData::obj() instead.
• ViewableData::XML_val() has been deprecated. It will be removed without equivalent functionality to replace it.
• ViewableData::getXMLValues() has been deprecated. It will be removed without equivalent functionality to replace it.
• The $parser parameter for the SSViewer::__construct() method has been deprecated. It will be removed without equivalent functionality to replace it.
• SSViewer::flush() has been deprecated. It will be replaced with SilverStripe\TemplateEngine\SSTemplateEngine::flush().
• SSViewer::fromString() has been deprecated. It will be replaced with SilverStripe\TemplateEngine\SSTemplateEngine::renderString().
• SSViewer::topLevel() has been deprecated. It will be removed without equivalent functionality to replace it.
• SSViewer::chooseTemplate() has been deprecated. It will be removed without equivalent functionality to replace it.
• SSViewer::setTemplate() has been deprecated. It will be replaced with SilverStripe\TemplateEngine\SSTemplateEngine::setTemplate().
• SSViewer::setParser() has been deprecated. It will be replaced with SilverStripe\TemplateEngine\SSTemplateEngine::setParser().
• SSViewer::getParser() has been deprecated. It will be replaced with SilverStripe\TemplateEngine\SSTemplateEngine::getParser().
• SSViewer::hasTemplate() has been deprecated. It will be replaced with SilverStripe\TemplateEngine\SSTemplateEngine::hasTemplate().
• SSViewer::exists() has been deprecated. It will be removed without equivalent functionality to replace it.
• SSViewer::getTemplateFileByType() has been deprecated. It will be removed without equivalent functionality to replace it.
• SSViewer::flush_template_cache() has been deprecated. It will be replaced with SilverStripe\TemplateEngine\SSTemplateEngine::flushTemplateCache().
• SSViewer::flush_cacheblock_cache() has been deprecated. It will be replaced with SilverStripe\TemplateEngine\SSTemplateEngine::flushCacheBlockCache().
• SSViewer::setPartialCacheStore() has been deprecated. It will be replaced with SilverStripe\TemplateEngine\SSTemplateEngine::setPartialCacheStore().
• SSViewer::getPartialCacheStore() has been deprecated. It will be replaced with SilverStripe\TemplateEngine\SSTemplateEngine::getPartialCacheStore().
• SSViewer::includeGeneratedTemplate() has been deprecated. It will be replaced with SilverStripe\TemplateEngine\SSTemplateEngine::includeGeneratedTemplate().
• The $inheritedScope parameter for the SSViewer::process() method has been deprecated. It will be removed without equivalent functionality to replace it.
• SSViewer::getSubtemplateFor() has been deprecated. It will be replaced with SilverStripe\TemplateEngine\SSTemplateEngine::getSubtemplateFor().
• SSViewer::parseTemplateContent() has been deprecated. It will be replaced with SilverStripe\TemplateEngine\SSTemplateEngine::parseTemplateContent().
• SSViewer::templates() has been deprecated. It will be removed without equivalent functionality to replace it.
• SSViewer::setTemplateFile() has been deprecated. It will be removed without equivalent functionality to replace it.
• SSViewer::get_base_tag() has been deprecated. Use SSViewer::getBaseTag() instead.
• SSViewer_DataPresenter has been deprecated. It will be merged into SSViewer_Scope.
• SSViewer_FromString has been deprecated. It will be replaced with SilverStripe\TemplateEngine\SSTemplateEngine::renderString().
• SSViewer_Scope::getItem() has been deprecated. Use SSViewer_Scope::getCurrentItem() instead.
• SSViewer_Scope::obj() has been deprecated. It will be renamed to scopeToIntermediateValue().
• SSViewer_Scope has been deprecated. It will be renamed to SilverStripe\TemplateEngine\ScopeManager.
• SSViewer::execute_template() has been deprecated. It will be removed without equivalent functionality to replace it.
• SSViewer::execute_string() has been deprecated. It will be removed without equivalent functionality to replace it.
• ThemeResourceLoader::findTemplate() has been deprecated. It will be removed without equivalent functionality to replace it.
• FlushMiddleware has been deprecated. It will be replaced with flushing inside the Kernel directly.
• The LeftAndMain.tree_class configuration property has been deprecated. It will be renamed to model_class.
• SiteConfigLeftAndMain::save_siteconfig() has been deprecated. It will be replaced with save().
• SSViewer_BasicIteratorSupport has been deprecated. It will be renamed to SilverStripe\TemplateEngine\BasicIteratorSupport.
• SSTemplateParseException has been deprecated. It will be renamed to SilverStripe\TemplateEngine\Exception\SSTemplateParseException.
• SSTemplateParser has been deprecated. It will be renamed to SilverStripe\TemplateEngine\SSTemplateParser.
• TemplateIteratorProvider has been deprecated. It will be renamed to SilverStripe\TemplateEngine\TemplateIteratorProvider.
• TemplateParser has been deprecated. It will be renamed to SilverStripe\TemplateEngine\TemplateParser.
• ElementalAreaController::removeNamespacesFromFields() has been deprecated. It will be removed without equivalent functionality to replace it.
• BaseElement::updateFromFormData() has been deprecated. It will be removed without equivalent functionality to replace it.
• DBEnum::flushCache() has been deprecated. Use DBEnum::reset() instead.
• The BaseElement.description configuration property has been deprecated. Use DataObject.class_description instead.
• The SiteTree.description configuration property has been deprecated. Use DataObject.class_description instead.
• FormField::extendValidationResult() has been deprecated. Use extend() directly instead.
• SubsiteXHRController::canAccess() has been deprecated. It will be removed without equivalent functionality to replace it.
• LeftAndMainSubsites::ListSubsites() has been deprecated. Use SubsiteSwitchList() instead.
• LeftAndMain::methodSchema() has been deprecated. It will be replaced with SilverStripe\Admin\FormSchemaController::schema().
• LeftAndMain::Modals() has been deprecated. It will be removed without equivalent functionality to replace it.
• ModalController::getController() has been deprecated. It will be removed without equivalent functionality to replace it.
• ModalController::getName() has been deprecated. It will be removed without equivalent functionality to replace it.
• CampaignAdminExtension has been deprecated. It will be replaced with SilverStripe\CampaignAdmin\Extensions\FileFormFactoryExtension.
• CMSPageEditController::addtocampaign() has been deprecated. It will be moved to SilverStripe\CampaignAdmin\Extensions\AddToCampaignExtension.
• CMSPageEditController::AddToCampaignForm() has been deprecated. It will be moved to SilverStripe\CampaignAdmin\Extensions\AddToCampaignExtension.
• CMSPageEditController::getAddToCampaignForm() has been deprecated. It will be moved to SilverStripe\CampaignAdmin\Extensions\AddToCampaignExtension.
• AssetAdmin::addtocampaign() has been deprecated. It will be moved to SilverStripe\CampaignAdmin\Extensions\AddToCampaignExtension.
• AssetAdmin::AddToCampaignForm() has been deprecated. It will be moved to SilverStripe\CampaignAdmin\Extensions\AddToCampaignExtension.
• AssetAdmin::getAddToCampaignForm() has been deprecated. It will be moved to SilverStripe\CampaignAdmin\Extensions\AddToCampaignExtension.
• ModalController::EditorExternalLink() has been deprecated. It will be replaced with SilverStripe\Admin\ModalController::linkModalForm().
• ModalController::EditorEmailLink() has been deprecated. It will be replaced with SilverStripe\Admin\ModalController::linkModalForm().
• RemoteFileModalExtension::getRequest() has been deprecated. Use RemoteFileModalExtension::getOwner()->getRequest() instead.
• RemoteFileModalExtension::getFormSchema() has been deprecated. It will be removed without equivalent functionality to replace it.
• RemoteFileModalExtension::getSchemaResponse() has been deprecated. It will be replaced with RemoteFileModalExtension::getOwner()->getSchemaResponse().
• InternalLinkModalExtension has been deprecated. It will be replaced with configuration on ModalController.
• FormField::validate() will take zero arguments and return a ValidationResult object instead of a boolean in CMS 6.0.0.
• FieldsValidator has been deprecated. It will be replaced with functionality inside Form::validate().
• Validator has been deprecated. It will be renamed to SilverStripe\Forms\Validation\Validator.
• RequiredFields has been deprecated. It will be renamed to SilverStripe\Forms\Validation\RequiredFieldsValidator.
• CompositeValidator has been deprecated. It will be renamed to SilverStripe\Forms\Validation\CompositeValidator.
• UserFormsRequiredFields has been deprecated. It will be renamed to SilverStripe\UserForms\Form\UserFormsRequiredFieldsValidator.
• AWRequiredFields has been deprecated. It will be renamed to Symbiote\AdvancedWorkflow\Forms\AWRequiredFieldsValidator.
• CMSPreviewable::CMSEditLink() has been deprecated. It will be renamed to getCMSEditLink().
• CMSEditLinkExtension::CMSEditLink() has been deprecated. It will be replaced with SilverStripe\ORM\DataObject::getCMSEditLink() and updateCMSEditLink().
• LeftAndMain::currentPageID() has been deprecated. Use LeftAndMain::currentRecordID() instead.
• LeftAndMain::setCurrentPageID() has been deprecated. Use LeftAndMain::setCurrentRecordID() instead.
• LeftAndMain::currentPage() has been deprecated. Use LeftAndMain::currentRecord() instead.
• LeftAndMain::isCurrentPage() has been deprecated. Use LeftAndMain::isCurrentRecord() instead.
• The SiteTree.need_permission configuration property has been deprecated. Use SiteTree::canCreate() instead.
• The SiteTree.icon configuration property has been deprecated. It will be renamed to cms_icon.
• The SiteTree.icon_class configuration property has been deprecated. It will be renamed to cms_icon_class. This applies to all subclasses of SiteTree as well.
• CMSMain::PageList() has been deprecated. It will be renamed to RecordList().
• CMSMain::PageListSidebar() has been deprecated. It will be removed without equivalent functionality to replace it.
• CMSMain::LinkPages() has been deprecated. Use CMSMain::LinkRecords() instead.
• CMSMain::LinkPagesWithSearch() has been deprecated. Use CMSMain::LinkRecordsWithSearch() instead.
• CMSMain::LinkPageEdit() has been deprecated. Use CMSMain::LinkRecordEdit() instead.
• CMSMain::LinkPageSettings() has been deprecated. Use CMSMain::LinkRecordSettings() instead.
• CMSMain::LinkPageHistory() has been deprecated. Use CMSMain::LinkRecordHistory() instead.
• CMSMain::LinkPageAdd() has been deprecated. Use CMSMain::LinkRecordAdd() instead.
• CMSMain::LinkPreview() has been deprecated. Use SiteTree::CMSEditLink() instead.
• CMSMain::SiteTreeAsUL() has been deprecated. Use CMSMain::TreeAsUL() instead.
• CMSMain::getSiteTreeFor() has been deprecated. Use CMSMain::getTreeFor() instead.
• CMSMain::CanOrganiseSitetree() has been deprecated. Use CMSMain::canOrganiseTree() instead.
• CMSMain::getSearchContext() has been deprecated. It will be replaced with SiteTree::getDefaultSearchContext().
• CMSMain::getPageTypes() has been deprecated. Use CMSMain::getRecordTypes() instead.
• CMSMain::PageTypes() has been deprecated. Use CMSMain::RecordTypes() instead.
• CMSMain::SiteTreeHints() has been deprecated. Use CMSMain::TreeHints() instead.
• CMSMain::performPublish() has been deprecated. Use RecursivePublishable::publishRecursive() instead.
• CMSPageAddController has been deprecated. It will be replaced with SilverStripe\CMS\Forms\CMSMainAddForm.
• CMSPagesController has been deprecated. It will be combined back into CMSMain.
• CMSSiteTreeFilter::getPageClasses() has been deprecated. It will be removed without equivalent functionality to replace it.
• CMSSiteTreeFilter::isPageIncluded() has been deprecated. It will be removed without equivalent functionality to replace it.
• LeftAndMainPageIconsExtension has been deprecated. It will be renamed to SilverStripe\CMS\Controllers\LeftAndMainRecordIconsExtension.
• LeftAndMainPageIconsExtension::generatePageIconsCss() has been deprecated. Use LeftAndMainPageIconsExtension::generateRecordIconsCss() instead.
• CurrentPageIdentifier has been deprecated. It will be renamed to SilverStripe\CMS\Model\CurrentRecordIdentifier.
• CurrentPageIdentifier::currentPageID() has been deprecated. It will be renamed to currentRecordID().
• CurrentPageIdentifier::isCurrentPage() has been deprecated. It will be renamed to isCurrentRecord().
• SiteTree::page_type_classes() has been deprecated. Will be replaced with updateAllowedSubClasses().
• SiteTree::setCreatableChildrenCache() has been deprecated. It will be replaced with SilverStripe\CMS\Controllers\CMSMain::setCreatableChildrenCache().
• SiteTree::getCreatableChildrenCache() has been deprecated. It will be replaced with SilverStripe\CMS\Controllers\CMSMain::getCreatableChildrenCache().
• SiteTree::getPermissionChecker() has been deprecated. It will be replaced with a non-static method of the same name.
• SiteTree::flushMemberCache() has been deprecated. It will be replaced with SilverStripe\CMS\Controllers\CMSMain::clearCache().
• SiteTree::creatableChildPages() has been deprecated. It will be replaced with SilverStripe\CMS\Controllers\CMSMain::getCreatableSubClasses().
• SiteTree::getIconClass() has been deprecated. It will be replaced with SilverStripe\CMS\Controllers\CMSMain::getRecordIconCssClass().
• SiteTree::getPageIconURL() has been deprecated. It will be replaced with SilverStripe\CMS\Controllers\CMSMain::getRecordIconUrl().
• SiteTree::generateChildrenCacheKey() has been deprecated. It will be replaced with SilverStripe\CMS\Controllers\CMSMain::generateChildrenCacheKey().
• Form::validationResult() has been deprecated. Use Form::validate() instead.
• Director::get_session_environment_type() has been deprecated. Use Director::get_environment_type() instead.
• Use of the CUSTOM_INCLUDE_PATH constant to change the PHP include path has been deprecated and will not work in a future major release.
• SessionEnvTypeSwitcher has been deprecated. It will be removed without equivalent functionality to replace it.
• VersionProvider::getComposerLockPath() has been deprecated. It will be removed without equivalent functionality to replace it.
• FlushInvalidatedResource::getResource() has been deprecated. It will be removed without equivalent functionality to replace it.
• Subsite::getMembersByPermission() has been deprecated. It will be removed without equivalent functionality to replace it.
• The $join parameter for the Subsite::get_from_all_subsites() method has been deprecated. Use leftJoin($table, $joinClause) instead.
• Passing a boolean value to the $mergeStrategy argument in Form::loadDataFrom() has been deprecated. Pass Form::MERGE_CLEAR_MISSING instead of true and 0 instead of false.
• The HTTP.ignoreDeprecatedCaching configuration property has been deprecated. It will be removed without equivalent functionality to replace it.
• FormField::Value() has been deprecated. It will be replaced by getFormattedValue() and getValue().
• TextareaField::ValueEntities() has been deprecated. It will be replaced by getFormattedValueEntities().
• Passing null for the $code parameter in ValidationResult::addError() is deprecated. Pass a blank string instead.
• Passing null for the $cast parameter in ValidationResult::addError() is deprecated. Pass a ValidationResult::CAST_* constant instead.
• Passing null for the $code parameter in ValidationResult::addFieldError() is deprecated. Pass a blank string instead.
• Passing null for the $cast parameter in ValidationResult::addFieldError() is deprecated. Pass a ValidationResult::CAST_* constant instead.
• Passing null for the $code parameter in ValidationResult::addMessage() is deprecated. Pass a blank string instead.
• Passing null for the $cast parameter in ValidationResult::addMessage() is deprecated. Pass a ValidationResult::CAST_* constant instead.
• Passing null for the $code parameter in ValidationResult::addFieldMessage() is deprecated. Pass a blank string instead.
• Passing null for the $cast parameter in ValidationResult::addFieldMessage() is deprecated. Pass a ValidationResult::CAST_* constant instead.
• Passing null for the $cast parameter in Form::sessionMessage() is deprecated. Pass a ValidationResult::CAST_* constant instead.
• Passing null for the $cast parameter in Form::sessionError() is deprecated. Pass a ValidationResult::CAST_* constant instead.
• Passing null for the $cast parameter in Form::sessionFieldError() is deprecated. Pass a ValidationResult::CAST_* constant instead.
• DBInt::Times() has been deprecated. It will be removed without equivalent functionality to replace it.
• Controller::has_curr() has been deprecated. It will be removed without equivalent functionality to replace it.
• UserFormsColumnCleanTask has been deprecated. It will be removed without equivalent functionality to replace it.
• The LeftAndMain_SearchFilter interface has been deprecated. It will be removed without equivalent functionality to replace it.
• The LeftAndMain::getSearchFilter() has been deprecated. It will be removed without equivalent functionality to replace it.
• LeftAndMain::SCHEMA_HEADER constant has been deprecated. Use FormSchema::SCHEMA_HEADER instead.
• GridFieldFilterHeader::getSearchFieldSchema() has been deprecated. It will be replaced with SilverStripe\ORM\Search\SearchContextForm::getSchemaData().
• GridFieldFilterHeader::getSearchFormSchema() has been deprecated. It will be replaced with SilverStripe\Forms\FormRequestHandler::getSchema().
• CMSMain::getSearchFieldSchema() has been deprecated. It will be replaced with SilverStripe\ORM\Search\SearchContextForm::getSchemaData().
• CMSMain::getQueryFilter() has been deprecated. It will be removed without equivalent functionality to replace it.
• CMSMain::getList() has been deprecated. It will be removed without equivalent functionality to replace it.
• CMSSiteTreeFilter::getChildrenMethod() has been deprecated. It will be removed without equivalent functionality to replace it.
• CMSSiteTreeFilter::getNumChildrenMethod() has been deprecated. It will be removed without equivalent functionality to replace it.
• CMSSiteTreeFilter::pagesIncluded() has been deprecated. It will be removed without equivalent functionality to replace it.
• CMSSiteTreeFilter::populateIDs() has been deprecated. It will be removed without equivalent functionality to replace it.
• CMSSiteTreeFilter::applyDefaultFilters() has been deprecated. It will be removed without equivalent functionality to replace it.
• CMSSiteTreeFilter::mapIDs() has been deprecated. It will be removed without equivalent functionality to replace it.
• ElementSiteTreeFilterSearch has been deprecated. It will be replaced with DNADesign\Elemental\ORM\Search\ElementalSiteTreeSearchContext.
• ElementalCMSMainExtension has been deprecated. It will be removed without equivalent functionality to replace it.
• The HTMLEditorField.fixed_row_height configuration property has been deprecated. It will be replaced with SilverStripe\Forms\HTMLEditor\HTMLEditorConfig.fixed_row_height.
• HTMLEditorSanitiser::patternToRegex() has been deprecated. It will be replaced with SilverStripe\Forms\HTMLEditor\HTMLEditorRuleSet::patternToRegex().
• HTMLEditorSanitiser::addValidElements() has been deprecated. It will be replaced with SilverStripe\Forms\HTMLEditor\HTMLEditorRuleSet.
• HTMLEditorSanitiser::getRuleForElement() has been deprecated. It will be replaced with SilverStripe\Forms\HTMLEditor\HTMLEditorRuleSet::getRuleForElement().
• HTMLEditorSanitiser::getRuleForAttribute() has been deprecated. It will be replaced with logic in SilverStripe\Forms\HTMLEditor\HTMLEditorElementRule.
• HTMLEditorSanitiser::elementMatchesRule() has been deprecated. It will be replaced with SilverStripe\Forms\HTMLEditor\HTMLEditorRuleSet::isElementAllowed().
• HTMLEditorSanitiser::attributeMatchesRule() has been deprecated. It will be replaced with SilverStripe\Forms\HTMLEditor\HTMLEditorElementRule::isAttributeAllowed().
• TinyMCECombinedGenerator has been deprecated. It will be replaced with SilverStripe\TinyMCE\TinyMCECombinedGenerator.
• TinyMCEConfig has been deprecated. It will be replaced with SilverStripe\TinyMCE\TinyMCEConfig.
• TinyMCEScriptGenerator has been deprecated. It will be replaced with SilverStripe\TinyMCE\TinyMCEScriptGenerator.
• FixtureContext::iSelectValueInAnchorDropdown() has been deprecated. It will be replaced with SilverStripe\CMS\Tests\Behaviour\AnchorContext::iSelectValueInAnchorDropdown().
• ListDecorator::TotalItems() has been deprecated. Use ListDecorator::getTotalItems() instead.
• PaginatedList::TotalItems() has been deprecated. Use PaginatedList::getTotalItems() instead.
• SolrIndexCheck has been deprecated. It will be removed without equivalent functionality to replace it.

Bug fixes#

This release includes a number of bug fixes to improve a broad range of areas. Check the change logs for full details of these fixes split by module. Thank you to the community members that helped contribute these fixes as part of the release!

Change to error logging#

Some errors were incorrectly being logged using the error handler service, which resulted in displaying the error in the browser and CLI and, in live mode, not displaying the rest of the response to users.

This was the result of a misunderstanding about the difference between the Psr\Log\LoggerInterface.errorhandler error handler service and the Psr\Log\LoggerInterface logging service.

The Psr\Log\LoggerInterface.errorhandler error handler service should not be used for logging - its purpose is to handle the display of uncaught exceptions and PHP errors.

Errors that were being logged to the error handler service are now being logged using the logging service instead. If you have connected a logging handler to that service, we recommend instead following the instructions in configuring error logging to attach your logging handler only to the logging service, which will also allow you to handle logging for the uncaught exceptions and errors the error handler displays.

Change log#

Security#

• silverstripe/framework (5.3.0 -> 5.4.0)

  • 2025-03-19 e99cfd62d Handle backspace characters in XSS (Steve Boyd) - See cve-2025-30148
  • 2025-01-29 3cafa4cbf [SS-2025-001] Introduce delay to prevent time-based attacks (Guy Sartorelli) - See ss-2025-001
  • 2025-01-14 74904f539 Sanitise form messages against XSS attacks (#11555) (Guy Sartorelli) - See cve-2024-53277
  • 2025-01-14 09b5052c8 Wrap embeds containing script or style tags in an iframe (#11554) (Guy Sartorelli) - See cve-2024-47605
  • 2025-01-14 a555dad4e [SS-2024-002] Detect if debugging in HTML context (#11553) (Guy Sartorelli) - See ss-2024-002

• dnadesign/silverstripe-elemental (5.3.0 -> 5.4.0)

  • 2025-04-09 34ff4ed Prevent XSS in content blocks in use report (#1345) (Guy Sartorelli) - See cve-2025-25197
  • 2025-02-18 f91d48b Prevent XSS in content blocks in use report (Steve Boyd) - See cve-2025-25197

Features and enhancements#

• silverstripe/config (2.1.1 -> 2.2.0)

  • 2024-10-20 be1e82a Do not emit deprecation notices for supported modules by default (Steve Boyd)

• silverstripe/framework (5.3.0 -> 5.4.0)

  • 2025-03-18 922dfd0c2 Add GridFieldSudoMode component (Steve Boyd)
  • 2025-03-04 86203fdbd Make SudoModeService extensible (Steve Boyd)
  • 2025-02-19 671b1e1c0 Form sudo mode (Steve Boyd)
  • 2025-02-16 5fa5a0c46 Add a warning if allowed hosts is not set. (#11612) (Guy Sartorelli)
  • 2025-02-04 042da0b09 don't count twice on a GridField if there is a GridFieldPaginator (#11593) (Thomas Portelange)
  • 2025-02-04 dac6b9e6a Don't make queries if no custom config is set (#11591) (Thomas Portelange)
  • 2025-02-03 9d1741cec Add sortByField and remove mysql specific code from DataList (#11588) (Thomas Portelange)
  • 2025-01-29 82fa0f01a Scaffold GridFieldFilterHeader filters for ArrayList based GridFields. (#11575) (Mojmir Fendek)
  • 2025-01-27 31e5e4f28 support variables as second and third argument (#11521) (Thomas Portelange)
  • 2025-01-15 7e6c80936 Provide clear UX validation errors when violating unique index (#11558) (Guy Sartorelli)
  • 2024-12-05 beaefaeeb Config to toggle allowing whitespace only in Requiredfields (Steve Boyd)
  • 2024-11-11 5b16f7de8 Provide new class description config and methods. (Guy Sartorelli)
  • 2024-10-20 7401bcf02 Do not output core code deprecation messages by default (Steve Boyd)
  • 2024-10-11 ebbd6427b Allow overriding GridFieldFilterHeader placeholder (#11418) (Guy Sartorelli)
  • 2024-09-10 a0ad75397 Create DBClassNameVarchar (Steve Boyd)

• silverstripe/admin (2.3.0 -> 2.4.0)

  • 2025-03-18 d1f64688 Show collapsed sudo message on GridFields (Steve Boyd)
  • 2025-02-20 a3ec77bb Refactor sudo mode components to reduce code reuse (#1905) (Guy Sartorelli)
  • 2025-02-19 59c1d8b0 SudoModePasswordField component (Steve Boyd)
  • 2024-11-01 32730a82 Adding ignore_menuitem into LeftAndMain (Chris Lock)
  • 2024-09-19 6f83afee Don't use deprecated method (#1826) (Guy Sartorelli)

• silverstripe/asset-admin (2.3.0 -> 2.4.0)

  • 2025-02-11 0ef0b176 Allow changing parallelUploads config in UploadField (#1539) (Mikal)
  • 2024-09-19 701ae8b8 Don't use deprecated method (#1497) (Guy Sartorelli)

• silverstripe/campaign-admin (2.3.0 -> 2.4.0)

  • 2024-09-18 802b92a Don't use deprecated method (#331) (Guy Sartorelli)

• silverstripe/versioned-admin (2.3.0 -> 2.4.0)

  • 2024-12-10 e797325 Update code to avoid calling deprecated code (#377) (Guy Sartorelli)

• silverstripe/cms (5.3.0 -> 5.4.0)

  • 2025-02-18 a72265e7 Ensure report links are escaped (Steve Boyd)
  • 2024-09-19 4b3e1f09 Don't use deprecated method (#3006) (Guy Sartorelli)

• silverstripe/reports (5.3.0 -> 5.4.0)

  • 2024-10-11 97c03dbb Reports list filtering and pagination. (Mojmir Fendek)

• silverstripe/versioned (2.3.0 -> 2.4.0)

  • 2024-09-19 9e26864 Don't use deprecated method (#476) (Guy Sartorelli)

• silverstripe/graphql (5.2.3 -> 5.3.0)

  • 2024-09-19 4e9b3e3 Don't use deprecated method (#607) (Guy Sartorelli)

• silverstripe/session-manager (2.3.0 -> 2.3.3)

  • 2025-03-27 13336d7 Update CMS version in userhelp link (Steve Boyd)

• silverstripe/tagfield (3.3.0 -> 3.4.0)

  • 2024-10-01 efc9f45 Refactor the way selected options are returned for read only tag fields. (adunn49)

• silverstripe/blog (4.3.0 -> 4.4.0)

  • 2024-09-19 0da034c Don't use deprecated method (#786) (Guy Sartorelli)

• silverstripe/contentreview (5.3.0 -> 5.4.0)

  • 2024-09-19 f7ee5d7 Don't use deprecated method (#259) (Guy Sartorelli)

• silverstripe/sharedraftcontent (3.3.0 -> 3.4.0)

  • 2025-03-27 4ae6894 Update CMS version in userhelp link (Steve Boyd)
  • 2024-12-10 5de30ec Update code to avoid calling deprecated code (#271) (Guy Sartorelli)
  • 2024-09-19 cb7494d Don't use deprecated method (#262) (Guy Sartorelli)

• symbiote/silverstripe-advancedworkflow (6.3.0 -> 6.4.0)

  • 2024-10-21 47af9f5 Avoid using deprecated API (#555) (Guy Sartorelli)

• silverstripe/userforms (6.3.0 -> 6.4.0)

  • 2024-09-19 2d6423e Injectable GridField config components. (Mojmir Fendek)
  • 2024-09-19 fa8f798 Don't use deprecated method (#1329) (Guy Sartorelli)

• silverstripe/externallinks (3.3.0 -> 3.4.0)

  • 2024-09-18 bce020b Don't use deprecated method (#149) (Guy Sartorelli)

• bringyourownideas/silverstripe-maintenance (3.2.0 -> 3.3.0)

  • 2024-09-19 f15b48b Don't use deprecated method (#243) (Guy Sartorelli)

• dnadesign/silverstripe-elemental (5.3.0 -> 5.4.0)

  • 2024-09-19 2ae99d0 Don't use deprecated method (#1255) (Guy Sartorelli)

• silverstripe/auditor (3.2.0 -> 3.3.0)

  • 2024-09-19 af9d0d9 Don't use deprecated method (#94) (Guy Sartorelli)

• silverstripe/totp-authenticator (5.3.0 -> 5.3.1)

  • 2025-03-27 ebec94a Update CMS version in userhelp link (Steve Boyd)

• silverstripe/mfa (5.3.0 -> 5.4.0)

  • 2025-03-27 8fcfc38 Update CMS version in userhelp links (Steve Boyd)
  • 2025-02-19 2820fc9 Disable temporary sudo mode after login (Steve Boyd)

• silverstripe/crontask (3.0.4 -> 3.1.0)

  • 2024-09-19 e0f31df Don't use deprecated method (#95) (Guy Sartorelli)

• silverstripe/ldap (2.2.3 -> 2.3.0)

  • 2025-03-18 cb14215 Fix linting issues (#98) (Guy Sartorelli)
  • 2024-09-19 fe1f4c5 Don't use deprecated method (#93) (Guy Sartorelli)

• silverstripe/realme (5.4.0 -> 5.5.0)

  • 2024-09-18 58da5ee Don't use deprecated method (#164) (Guy Sartorelli)

• silverstripe/webauthn-authenticator (5.3.0 -> 5.3.1)

  • 2025-03-27 cf8de7a Update CMS version in userhelp link (Steve Boyd)

• silverstripe/subsites (3.3.0 -> 3.4.0)

  • 2024-12-10 0d26650 Update code to avoid using deprecated methods (#619) (Guy Sartorelli)
  • 2024-09-19 9be525a Don't use deprecated method (#601) (Guy Sartorelli)

• silverstripe/lumberjack (3.2.0 -> 3.3.0)

  • 2024-12-10 bf4ac79 Update code to avoid using deprecated API (#180) (Guy Sartorelli)

• silverstripe/staticpublishqueue (6.2.2 -> 6.3.0)

  • 2025-01-15 5c0fda7 Allow extensions to provide triggers (#214) (Tyler Trout)
  • 2024-10-21 8fe9f6c Avoid using deprecated API (#207) (Guy Sartorelli)
  • 2024-09-18 b8c7347 Don't use deprecated method (#205) (Guy Sartorelli)

• symbiote/silverstripe-queuedjobs (5.2.0 -> 5.3.0)

  • 2024-09-19 710c9be Don't use deprecated method (#449) (Guy Sartorelli)

• tractorcow/silverstripe-fluent (7.2.0 -> 7.3.0)

  • 2025-01-29 e883a2f Allow the localisation manager to be filtered using BasicSearchContext (#922) (Mojmir Fendek)
  • 2024-09-18 82dad3a Use correct name for new suppression method (Guy Sartorelli)
  • 2024-09-17 ccf5d52 Don't use deprecated method (Guy Sartorelli)

• silverstripe/linkfield (4.1.0 -> 4.2.0)

  • 2025-03-05 4c65632 Add extension points for getURL methods (Cameron Bryers)
  • 2025-01-06 05a0082 Improve CMS messaging around plural vs singular (Nate)
  • 2024-09-18 50a502c Don't use deprecated method (#337) (Guy Sartorelli)

Bugfixes#

• silverstripe/assets (2.3.0 -> 2.4.0)

  • 2025-01-19 af3ec19 Don't add the same extension multiple times (Steve Joynt)
  • 2025-01-06 c6bbd88 Don't log to error handler (#670) (Guy Sartorelli)
  • 2025-01-06 627d272 Return null early if there is no file to convert (#669) (Guy Sartorelli)

• silverstripe/framework (5.3.0 -> 5.4.0)

  • 2025-04-08 b2d53a6f0 Change password form when cookie samesite is strict (Steve Boyd)
  • 2025-04-07 ec0174656 Ensure null is not passed to strip_tags() (Steve Boyd)
  • 2025-03-31 e3b2ace1f Delete action handling correction. (Mojmir Fendek)
  • 2025-03-30 9ee937705 Add action--unlink class to unlink action (Steve Boyd)
  • 2025-03-27 ef6c4cfcb Use search context when no database field for label (Steve Boyd)
  • 2025-03-27 98b6b97e3 Do not use apostrophe in change password email (Steve Boyd)
  • 2025-03-24 ad77e723e lint (Thomas Portelange)
  • 2025-03-24 e02145269 don't set limit if threshold is 0 (Thomas Portelange)
  • 2025-03-24 96bb87a65 Don't make a count query when threshold = 0 (Thomas Portelange)
  • 2025-02-25 f254ccfef EmailField::validate returns bool (Thomas Portelange)
  • 2025-02-20 e6709e3f3 Reset time limit back to original value (Steve Boyd)
  • 2025-02-13 e2f52c333 Handle composite fields in GridFIeldFilterHeader (#11609) (Guy Sartorelli)
  • 2025-02-11 61a384d04 Avoid double escaping values when printing a gridfield (#11598) (Guy Sartorelli)
  • 2025-02-11 fad032ac0 Prevent invalid i18n sources from being collected (Steve Boyd)
  • 2025-01-28 690838bd1 Use configured member unique identifier in reset password form (#11568) (Andrew Paxley)
  • 2025-01-23 1ea87f88f Ensure default_locale is en_US for unit testing supported modules (#11570) (Steve Boyd)
  • 2025-01-16 227e1788b Less cache fragmentation in ClassManifest (#11533) (Thomas Portelange)
  • 2025-01-15 16ef0944d Class manifest is not caching enums (#11532) (Thomas Portelange)
  • 2025-01-14 8b8404e47 Escape user input from an HTML context. (#11556) (Guy Sartorelli)
  • 2025-01-13 cd1d5de42 Throw DatabaseException, not mysqli_sql_exception (#11545) (Guy Sartorelli)
  • 2025-01-10 94af2e58d Stop calling deprecated method in templates (Guy Sartorelli)
  • 2025-01-10 10f239fe0 Don't throw error if there's no backtrace in deprecation notice (Guy Sartorelli)
  • 2025-01-08 4e151be72 Invalid _t usage (#11522) (Thomas Portelange)
  • 2025-01-07 597d1100a Apply correct typing to $limit in BasicSearchContext (#11535) (Guy Sartorelli)
  • 2025-01-06 2d472f467 Don't log to the error handler (#11523) (Guy Sartorelli)
  • 2024-12-12 8ca581c50 Treat value not in SingleSelectField options as blank (#11510) (Guy Sartorelli)
  • 2024-12-02 25ed64f12 eagerLoad crash with nonterminal hasOne relation (Mason Dechaineux)
  • 2024-11-15 0abd28244 Make IsFirst and IsLast work as expected for PaginatedList (fixes #11465) (Loz Calver)
  • 2024-11-05 9116d8a9c Anonymous function use statements in text collector (Steve Boyd)
  • 2024-09-19 e93dafb2f Use correct contructor for HTTPOutputHandler (Steve Boyd)
  • 2024-09-12 4045443ae Use correct constructors arguments (Steve Boyd)
  • 2024-05-16 8b4865ed2 Return null error solved for DBQueryBuilder::shouldBuildTraceComment (Finlay Metcalfe)

• silverstripe/admin (2.3.0 -> 2.4.0)

  • 2025-04-02 6f1b7f8f Use word unlink instead of delete when unlinking (Steve Boyd)
  • 2025-03-27 a38ec6c1 Debounce on SearchableDropdownField (Steve Boyd)
  • 2024-12-17 7ac6a72d Add one to current colspan in fixColumns instead of resetting to 2 (Kevinn1109)
  • 2024-12-09 0eb927cf form submission button state (#1866) (Hitaishi)
  • 2024-11-05 0ab39b47 disable options not working issue on TreeDropdownField (Priya)

• silverstripe/cms (5.3.0 -> 5.4.0)

  • 2024-09-15 d8748ff5 return right order for getClassDropdown method (Nicolaas @ Tappy @ Sunny Side Up)

• silverstripe/versioned (2.3.0 -> 2.4.0)

  • 2025-01-14 970135b Escape user input from an HTML context. (#488) (Guy Sartorelli)

• silverstripe/graphql (5.2.3 -> 5.3.0)

  • 2025-01-29 78af3f9 Use static call not self call when rebuilding schema (#624) (Guy Sartorelli)

• silverstripe/session-manager (2.3.0 -> 2.3.3)

  • 2025-04-03 cbb3f34 Don't call method that doesn't exist yet (#243) (Guy Sartorelli)

• silverstripe/blog (4.3.0 -> 4.4.0)

  • 2025-01-22 9de7564 #606, get correct URL for categories if Blog is on /home (Lukas Erni)
  • 2024-09-26 9dfc813 Fix blog plural en.yml (3Dgoo)

• silverstripe/contentreview (5.3.0 -> 5.4.0)

  • 2025-02-05 27eb959 Handle when fallback email address is an array (Steve Boyd)

• silverstripe/userforms (6.3.0 -> 6.4.0)

  • 2025-02-08 7fd8626 Allow setMaxLength for all field types (TextField, TextareaField) (Rastislav Brandobur)

• dnadesign/silverstripe-elemental (5.3.0 -> 5.4.0)

  • 2025-04-07 a7e336f Multi locale localised copy correction. (#1342) (Mojmir Fendek)
  • 2025-03-20 332bf4c View inline tabs on first try (Steve Boyd)
  • 2025-02-27 c385dc8 Make change tracking work again for inline editable blocks (#1319) (Guy Sartorelli)
  • 2025-02-07 c4535be Allow publishing non-inline-editable blocks (#1312) (Guy Sartorelli)
  • 2025-01-15 e9bbe3d Call property directly to prevent infinite recursion (Steve Boyd)
  • 2024-12-12 b3ab32c Fix ensure blocks array not null before component update (Mohamed Alsharaf)
  • 2024-12-11 4afbc4e Don't try to save blocks in a readonly elemental area (#1292) (Guy Sartorelli)
  • 2024-11-26 c75969c Allow for custom admin route (#1281) (Steve Joynt)
  • 2024-11-06 23af9c0 Ensure files can be removed from elemental blocks (#1267) (Guy Sartorelli)

• silverstripe/environmentcheck (3.0.2 -> 3.1.0)

  • 2025-01-16 fb905f2 Allow logged in user with permissions to bypass basic auth (Steve Boyd)

• silverstripe/staticpublishqueue (6.2.2 -> 6.3.0)

  • 2025-04-04 2e6dee2 Allow https if the URL to cache has an https protocol (#221) (Guy Sartorelli)

• tractorcow/silverstripe-fluent (7.2.0 -> 7.3.0)

  • 2025-04-07 5516c8e Multi locale localised copy correction. (#941) (Mojmir Fendek)
  • 2025-03-10 640b35f Correctly set duplicated has_one records for localised records (Guy Sartorelli)
  • 2025-02-04 0549de7 Correctly indicate source locale when using inherited locales. (#840) (Mojmir Fendek)
  • 2025-01-14 43e2ab9 Escape user input from an HTML context. (#920) (Guy Sartorelli)
  • 2024-10-31 00a1537 fix error page code 404 can not CMS preview (Pack)

• silverstripe/linkfield (4.1.0 -> 4.2.0)

  • 2025-03-05 4364d36 migration task chunking by sorting links by id. (Jonathan Copson)

Api changes#

• silverstripe/recipe-plugin (2.0.1 -> 2.1.0)

  • 2025-02-19 57d785d Update return type to match Symfony 7 (#49) (Guy Sartorelli)

• silverstripe/vendor-plugin (2.0.3 -> 2.1.0)

  • 2025-02-19 a327132 Update return type to match Symfony 7 (#89) (Guy Sartorelli)
  • 2024-11-28 5d26aff Explicity mark nullable parameters for PHP 8.4 (Steve Boyd)

• silverstripe/assets (2.3.0 -> 2.4.0)

  • 2024-11-27 f1ec760 Deprecate campaign-admin config (Steve Boyd)
  • 2024-10-20 908c59b Add deprecation (Steve Boyd)

• silverstripe/framework (5.3.0 -> 5.4.0)

  • 2025-04-07 09d05e90f Deprecate broken and unnecessary Debug::require_developer_login() (#11672) (Guy Sartorelli)
  • 2025-04-02 ce25765ab Deprecate API which was removed or changed in CMS 6 (#11662) (Guy Sartorelli)
  • 2025-03-12 9b13feead Deprecate TotalItems() (#11633) (Guy Sartorelli)
  • 2025-03-11 a6c4243ca Deprecate API that will be removed in CMS 6 (#11630) (Guy Sartorelli)
  • 2025-02-25 388a29dfb Deprecate API being removed in CMS 6 (Guy Sartorelli)
  • 2025-02-13 b8df03b61 Deprecate Controller::has_curr() (Steve Boyd)
  • 2025-02-11 771070f86 Deprecate DBInt::Times() (Steve Boyd)
  • 2025-01-29 70ed6566b Deprecate passing null paramters for Form and ValidationResult methods (Steve Boyd)
  • 2025-01-29 06b7a8e9b Deprecate FormField Value (Steve Boyd)
  • 2025-01-14 b798ee3dd Deprecate unused configuration property (#11552) (Guy Sartorelli)
  • 2025-01-10 3f5b36368 Deprecate old i18n template syntax (Guy Sartorelli)
  • 2025-01-09 bcdd1e2ca Remove deprecation notice from method we're not removing (#11540) (Guy Sartorelli)
  • 2025-01-09 3518d8ae0 Deprecate passing bool to Form::loadDataFrom() (#11542) (Guy Sartorelli)
  • 2025-01-09 99caf2da2 Deprecate getCMSValidator() method. (#11539) (Guy Sartorelli)
  • 2025-01-07 06240b62f Deprecate API which will be removed in CMS 6 (#11526) (Guy Sartorelli)
  • 2024-12-17 f51b4f7c3 Use validate method instead of validationResult (Steve Boyd)
  • 2024-12-10 d62f40c10 Deprecate code that will be removed in CMS 6 (#11501) (Guy Sartorelli)
  • 2024-12-08 7d25f7f53 Deprecate renamed validators (Steve Boyd)
  • 2024-11-25 34a50fe40 Deprecation notice for FormField::validate() (Steve Boyd)
  • 2024-11-14 15683cfd9 Deprecate FormField API (Steve Boyd)
  • 2024-11-11 2fb7cfa09 Replace DBEnum::flushCache() with DBEnum::reset() (Guy Sartorelli)
  • 2024-11-05 d871f4067 Deprecate API which is moving into its own module (#11454) (Guy Sartorelli)
  • 2024-10-30 14f248b42 List interface deprecations (Steve Boyd)
  • 2024-10-24 8621411c1 Deprecate FlushMiddelware (#11444) (Guy Sartorelli)
  • 2024-10-21 165f72fd2 Deprecations for template layer (#11420) (Guy Sartorelli)
  • 2024-10-17 8ec068f3f Add deprecation (Steve Boyd)
  • 2024-09-18 6287b6ebe Rename Deprecation::withNoReplacement (#11390) (Guy Sartorelli)
  • 2024-09-12 239873baa Deprecate SSListExporter (Steve Boyd)
  • 2024-09-12 9788a9750 Deprecate classes which will be renamed (#11375) (Guy Sartorelli)
  • 2024-09-11 6245b6229 Made the GridFieldDeleteAction method getRemoveAction() protected (Benjamin Blake)

• silverstripe/admin (2.3.0 -> 2.4.0)

  • 2025-04-02 8ba3d0da Deprecate API which was removed or changed in CMS 6. (#1919) (Guy Sartorelli)
  • 2025-02-26 58c02089 Deprecate API being removed in CMS 6 (#1908) (Guy Sartorelli)
  • 2024-12-10 02b164ff Deprecate API which will be removed in CMS 6 (#1868) (Guy Sartorelli)
  • 2024-11-26 0c04234d Deprecate methods on ModalController (#1861) (Guy Sartorelli)
  • 2024-11-14 0517656d Deprecate API that will be removed as a result of refactoring (#1851) (Guy Sartorelli)
  • 2024-10-31 9935822e Deprecate API that will be renamed (#1844) (Guy Sartorelli)

• silverstripe/asset-admin (2.3.0 -> 2.4.0)

  • 2025-03-06 ae8429c1 Update deprecations (Steve Boyd)
  • 2025-02-26 2041df79 Stop using deprecated LeftAndMain::SCHEMA_HEADER const (#1545) (Guy Sartorelli)
  • 2024-11-26 e8bd8541 Deprecate methods on RemoteFileModalExtension (#1516) (Guy Sartorelli)
  • 2024-11-26 a20db889 Deprecate campaign admin integrations (Steve Boyd)
  • 2024-11-26 a124e172 Deprecate campaign admin integrations (Steve Boyd)
  • 2024-10-31 333b9ac6 Deprecate API that will be renamed (#1506) (Guy Sartorelli)
  • 2024-09-02 733358c9 Use correct version for deprecation (Steve Boyd)

• silverstripe/campaign-admin (2.3.0 -> 2.4.0)

  • 2024-10-31 f2e65f5 Deprecate API that will be renamed (#339) (Guy Sartorelli)

• silverstripe/cms (5.3.0 -> 5.4.0)

  • 2025-04-02 1b806e4c Deprecate API which was removed or changed in CMS 6. (#3068) (Guy Sartorelli)
  • 2025-03-11 b44af07c Deprecate API that will be removed in CMS 6 (#3064) (Guy Sartorelli)
  • 2025-03-06 7cdf5a69 Update deprecations (Steve Boyd)
  • 2025-02-26 d66c7847 Deprecate API being removed in CMS 6 (#3060) (Guy Sartorelli)
  • 2024-12-10 5c1f28ac Deprecate API that's being removed in CMS 6 (#3036) (Guy Sartorelli)
  • 2024-11-26 f34f8428 Deprecate InternalLinkModalExtension (#3030) (Guy Sartorelli)
  • 2024-11-25 6bd7f7e7 Deprecate campaign admin integrations (Steve Boyd)
  • 2024-11-14 58a4ae56 Deprecate and update code in preparation for CMS 6 (#3023) (Guy Sartorelli)
  • 2024-10-31 b779f488 Deprecate API that will be renamed (#3021) (Guy Sartorelli)
  • 2024-10-21 42aed2b7 Deprecations for template layer (#3012) (Guy Sartorelli)

• silverstripe/errorpage (2.3.0 -> 2.4.0)

  • 2024-12-10 e888fd2 Deprecate API that's changing in CMS 6 (#129) (Guy Sartorelli)
  • 2024-11-14 d160351 Use new class_description configuration (#127) (Guy Sartorelli)

• silverstripe/reports (5.3.0 -> 5.4.0)

  • 2024-10-31 3d873d35 Deprecate API that will be renamed (#201) (Guy Sartorelli)

• silverstripe/siteconfig (5.3.0 -> 5.4.0)

  • 2024-10-31 e467a372 Deprecate API that will be renamed (#181) (Guy Sartorelli)

• silverstripe/versioned (2.3.0 -> 2.4.0)

  • 2025-04-02 8a1f262 Deprecate API which was removed or changed in CMS 6 (#497) (Guy Sartorelli)
  • 2024-09-02 7fe629a Use correct version for deprecation (Steve Boyd)

• silverstripe/graphql (5.2.3 -> 5.3.0)

  • 2024-09-13 76f8044 Deprecate API that will be removed (#603) (Guy Sartorelli)

• silverstripe/session-manager (2.3.0 -> 2.3.3)

  • 2025-04-02 c087cd9 Deprecate API which was removed or changed in CMS 6 (#241) (Guy Sartorelli)

• silverstripe/iframe (3.2.1 -> 3.3.0)

  • 2024-11-14 77bda47 Use new class_description configuration (#102) (Guy Sartorelli)

• silverstripe/blog (4.3.0 -> 4.4.0)

  • 2024-12-10 dbd9d79 Deprecate API that's changing in CMS 6 (#799) (Guy Sartorelli)
  • 2024-11-14 a92b79a Use new class_description configuration (#794) (Guy Sartorelli)

• silverstripe/contentreview (5.3.0 -> 5.4.0)

  • 2025-02-26 ccd0cb8 Stop using deprecated LeftAndMain::SCHEMA_HEADER const (#273) (Guy Sartorelli)
  • 2024-09-25 40e45cd Deprecate isValidEmail() method (#262) (Guy Sartorelli)
  • 2024-09-13 4aea5a5 Deprecate API that will be removed (#257) (Guy Sartorelli)

• symbiote/silverstripe-advancedworkflow (6.3.0 -> 6.4.0)

  • 2025-04-02 4d8e29e Deprecate API which was removed or changed in CMS 6 (#571) (Guy Sartorelli)
  • 2024-12-03 dbb5a33 Deprecate renamed validator (Steve Boyd)

• silverstripe/userforms (6.3.0 -> 6.4.0)

  • 2025-04-02 990785a Deprecate API which was removed or changed in CMS 6 (#1379) (Guy Sartorelli)
  • 2025-02-26 99fbcb0 Stop using deprecated LeftAndMain::SCHEMA_HEADER const (#1374) (Guy Sartorelli)
  • 2025-02-19 d1e5e54 Deprecate UserFormsColumnCleanTask (Steve Boyd)
  • 2024-12-10 184dad7 Deprecate API that's changing in CMS 6 (#1357) (Guy Sartorelli)
  • 2024-12-05 5459312 Deprecate renamed validator (Steve Boyd)
  • 2024-11-14 bfc58dd Use new class_description configuration (#1347) (Guy Sartorelli)

• silverstripe/externallinks (3.3.0 -> 3.4.0)

  • 2024-09-13 175c754 Deprecate API that will be removed (#147) (Guy Sartorelli)

• bringyourownideas/silverstripe-maintenance (3.2.0 -> 3.3.0)

  • 2024-09-13 d6b2fbe Deprecate API that will be removed (#240) (Guy Sartorelli)

• silverstripe/recipe-content-blocks (3.3.0 -> 3.4.0)

  • 2024-12-10 e9d4ae1 Deprecate API that's changing in CMS 6 (#53) (Guy Sartorelli)
  • 2024-11-14 5dff9aa Use new class_description configuration (#51) (Guy Sartorelli)

• dnadesign/silverstripe-elemental (5.3.0 -> 5.4.0)

  • 2025-04-02 ed15ed4 Deprecate API which was removed or changed in CMS 6. (#1341) (Guy Sartorelli)
  • 2025-03-04 6df7305 Updates to deprecation notices (#1328) (Guy Sartorelli)
  • 2025-02-26 856274f Deprecate API being removed in CMS 6 (#1324) (Guy Sartorelli)
  • 2024-11-27 e8dc5f0 Deprecate campaign-admin config (Steve Boyd)
  • 2024-11-14 d3cbca7 Use new class_description configuration (#1272) (Guy Sartorelli)
  • 2024-11-06 50ca5a8 Deprecate API which will be removed (#1270) (Guy Sartorelli)
  • 2024-09-05 2410220 Deprecate TopPage classes which are being renamed (Steve Boyd)

• silverstripe/environmentcheck (3.0.2 -> 3.1.0)

  • 2025-03-26 5fdd506 Deprecate SolrIndexCheck (Steve Boyd)

• silverstripe/registry (3.2.0 -> 3.3.0)

  • 2024-12-10 3f4f498 Deprecate API that's changing in CMS 6 (#115) (Guy Sartorelli)
  • 2024-11-14 92c1a52 Use new class_description configuration (#111) (Guy Sartorelli)

• silverstripe/mfa (5.3.0 -> 5.4.0)

  • 2025-04-02 b0044cd Deprecate API which was removed or changed in CMS 6 (#599) (Guy Sartorelli)

• silverstripe/crontask (3.0.4 -> 3.1.0)

  • 2024-09-13 cd7f4ef Deprecate API that will be removed (#94) (Guy Sartorelli)

• silverstripe/ldap (2.2.3 -> 2.3.0)

  • 2024-09-13 a954c0e Deprecate API that will be removed (#91) (Guy Sartorelli)

• silverstripe/realme (5.4.0 -> 5.5.0)

  • 2024-09-13 f7ba0a5 Deprecate API that will be removed (#162) (Guy Sartorelli)

• silverstripe/subsites (3.3.0 -> 3.4.0)

  • 2025-04-02 7351063 Deprecate API which was removed or changed in CMS 6 (#634) (Guy Sartorelli)
  • 2025-01-08 49797c8 Deprecate API which will be removed in CMS 6 (#625) (Guy Sartorelli)
  • 2024-11-14 11f4ebc Deprecate API that will be removed as a result of refactoring (#613) (Guy Sartorelli)
  • 2024-11-14 1c65739 Use new class_description configuration (#610) (Guy Sartorelli)
  • 2024-09-13 2713c3a Deprecate API that will be removed (#599) (Guy Sartorelli)

• silverstripe/staticpublishqueue (6.2.2 -> 6.3.0)

  • 2024-09-13 d42ca25 Deprecate API that will be removed (#203) (Guy Sartorelli)

• dnadesign/silverstripe-elemental-userforms (4.1.1 -> 4.2.0)

  • 2024-11-14 b34866c Use new class_description configuration (#102) (Guy Sartorelli)

• symbiote/silverstripe-queuedjobs (5.2.0 -> 5.3.0)

  • 2024-09-13 b6c1c4f Deprecate API that will be removed (#447) (Guy Sartorelli)

• tractorcow/silverstripe-fluent (7.2.0 -> 7.3.0)

  • 2025-04-01 52cd42b Deprecate API which was removed or changed in CMS 6 (Guy Sartorelli)
  • 2025-02-09 f038d52 Add explicit configuration API properties. (#841) (Mojmir Fendek)
  • 2024-09-10 3dbdb25 Deprecate API that will be removed (Guy Sartorelli)

• silverstripe/linkfield (4.1.0 -> 4.2.0)

  • 2025-04-02 bb7d158 Deprecate API which was removed or changed in CMS 6 (#372) (Guy Sartorelli)

Dependencies#

• silverstripe/vendor-plugin (2.0.3 -> 2.1.0)

  • 2024-09-09 07e9901 Use PHPUnit 11 (Steve Boyd)

• silverstripe/framework (5.3.0 -> 5.4.0)

  • 2024-09-25 e34463875 Deprecate API that will be removed or renamed (#11401) (Guy Sartorelli)

• silverstripe/admin (2.3.0 -> 2.4.0)

  • 2024-12-02 ee22a359 Bump cross-spawn from 7.0.3 to 7.0.6 (#1858) (dependabot[bot])
  • 2024-12-01 64b6ac20 Bump express from 4.19.2 to 4.21.0 (#1827) (dependabot[bot])
  • 2024-09-23 817e68b3 Increase minimum version of silverstripe/framework (Steve Boyd)

• silverstripe/asset-admin (2.3.0 -> 2.4.0)

  • 2024-12-02 e57ed008 Bump cross-spawn from 7.0.3 to 7.0.6 (#1513) (dependabot[bot])
  • 2024-09-23 b6a2dc28 Increase minimum version of silverstripe/framework (Steve Boyd)

• silverstripe/campaign-admin (2.3.0 -> 2.4.0)

  • 2024-12-02 f8f8dd7 Bump cross-spawn from 7.0.3 to 7.0.6 (#343) (dependabot[bot])
  • 2024-09-23 e030e56 Increase minimum version of silverstripe/framework (Steve Boyd)

• silverstripe/versioned-admin (2.3.0 -> 2.4.0)

  • 2024-12-02 6cc383b Bump elliptic from 6.5.7 to 6.6.1 (#375) (dependabot[bot])
  • 2024-12-01 1615714 Bump express from 4.19.2 to 4.21.0 (#364) (dependabot[bot])
  • 2024-12-01 bb0d462 Bump cross-spawn from 7.0.3 to 7.0.6 (#373) (dependabot[bot])

• silverstripe/cms (5.3.0 -> 5.4.0)

  • 2024-12-02 57d06fc0 Bump cross-spawn from 7.0.3 to 7.0.6 (#3026) (dependabot[bot])
  • 2024-09-23 e2ca1cb7 Increase minimum version of silverstripe/framework (Steve Boyd)

• silverstripe/versioned (2.3.0 -> 2.4.0)

  • 2024-09-23 288cb40 Increase minimum version of silverstripe/framework (Steve Boyd)

• silverstripe/graphql (5.2.3 -> 5.3.0)

  • 2024-09-23 18ea458 Increase minimum version of silverstripe/framework (Steve Boyd)

• silverstripe/tagfield (3.3.0 -> 3.4.0)

  • 2024-11-20 ef6b840 Bump cross-spawn from 7.0.3 to 7.0.6 (dependabot[bot])

• silverstripe/blog (4.3.0 -> 4.4.0)

  • 2024-12-02 16beb8c Bump cross-spawn from 7.0.3 to 7.0.6 (#796) (dependabot[bot])
  • 2024-09-23 9127583 Increase minimum version of silverstripe/framework (Steve Boyd)

• silverstripe/contentreview (5.3.0 -> 5.4.0)

  • 2024-12-02 cd7b692 Bump cross-spawn from 7.0.3 to 7.0.6 (#270) (dependabot[bot])
  • 2024-09-23 9150258 Increase minimum version of silverstripe/framework (Steve Boyd)

• silverstripe/sharedraftcontent (3.3.0 -> 3.4.0)

  • 2024-12-01 e3f02ce Bump cross-spawn from 7.0.3 to 7.0.6 (#269) (dependabot[bot])
  • 2024-09-23 8859703 Increase minimum version of silverstripe/framework (Steve Boyd)
  • 2024-09-02 0a2db2e Bump webpack from 5.91.0 to 5.94.0 (dependabot[bot])
  • 2024-09-01 3d882fe Bump ws from 7.5.9 to 7.5.10 (dependabot[bot])
  • 2024-09-01 dd1fb54 Bump braces from 3.0.2 to 3.0.3 (dependabot[bot])
  • 2024-09-01 6dae96b Bump requirejs from 2.3.6 to 2.3.7 (dependabot[bot])

• symbiote/silverstripe-advancedworkflow (6.3.0 -> 6.4.0)

  • 2024-12-01 161cfd7 Bump elliptic from 6.5.4 to 6.6.0 (#560) (dependabot[bot])

• silverstripe/userforms (6.3.0 -> 6.4.0)

  • 2024-12-01 a05725a Bump cross-spawn from 7.0.3 to 7.0.6 (#1351) (dependabot[bot])
  • 2024-09-30 7466999 Bump framework dependency 'cause we're using new API (#1331) (Guy Sartorelli)

• silverstripe/externallinks (3.3.0 -> 3.4.0)

  • 2024-11-20 21c86ba Bump cross-spawn from 7.0.3 to 7.0.6 (dependabot[bot])
  • 2024-09-23 99842fc Increase minimum version of silverstripe/framework (Steve Boyd)
  • 2024-09-02 29c82ae Bump braces from 3.0.2 to 3.0.3 (dependabot[bot])
  • 2024-09-02 e88185a Bump ws from 7.5.9 to 7.5.10 (dependabot[bot])
  • 2024-09-01 e3aed1b Bump requirejs from 2.3.6 to 2.3.7 (dependabot[bot])
  • 2024-09-01 2fca3ce Bump webpack from 5.91.0 to 5.94.0 (dependabot[bot])

• bringyourownideas/silverstripe-maintenance (3.2.0 -> 3.3.0)

  • 2024-12-02 c3cc268 Run yarn upgrade (Steve Boyd)
  • 2024-10-20 9c828fc Use stable version of silverstripe/supported-modules (Steve Boyd)
  • 2024-09-23 3483257 Increase minimum version of silverstripe/framework (Steve Boyd)

• dnadesign/silverstripe-elemental (5.3.0 -> 5.4.0)

  • 2025-01-09 8e8e077 Require framework ^5.3 (Steve Boyd)
  • 2024-12-02 74195ea Bump cross-spawn from 7.0.3 to 7.0.6 (#1279) (dependabot[bot])
  • 2024-09-23 69cc127 Increase minimum version of silverstripe/framework (Steve Boyd)

• silverstripe/auditor (3.2.0 -> 3.3.0)

  • 2024-09-23 728af80 Increase minimum version of silverstripe/framework (Steve Boyd)

• silverstripe/mfa (5.3.0 -> 5.4.0)

  • 2025-02-20 eeb60fb Add conflict with older versions of silverstripe/admin (Steve Boyd)
  • 2024-11-20 738d923 Bump cross-spawn from 7.0.3 to 7.0.6 (dependabot[bot])
  • 2024-09-02 47f6ba5 Bump webpack from 5.91.0 to 5.94.0 (dependabot[bot])
  • 2024-09-01 800d081 Bump braces from 3.0.2 to 3.0.3 (dependabot[bot])
  • 2024-09-01 6782a98 Bump requirejs from 2.3.6 to 2.3.7 (dependabot[bot])

• silverstripe/crontask (3.0.4 -> 3.1.0)

  • 2024-09-23 cb2171c Increase minimum version of silverstripe/framework (Steve Boyd)

• silverstripe/ldap (2.2.3 -> 2.3.0)

  • 2024-09-23 3cd1e44 Increase minimum version of silverstripe/framework (Steve Boyd)

• silverstripe/realme (5.4.0 -> 5.5.0)

  • 2024-11-20 632c259 Bump cross-spawn from 7.0.3 to 7.0.6 (dependabot[bot])
  • 2024-09-23 0742eb4 Increase minimum version of silverstripe/framework (Steve Boyd)

• silverstripe/subsites (3.3.0 -> 3.4.0)

  • 2024-12-01 a9f842e Bump cross-spawn from 7.0.3 to 7.0.6 (#615) (dependabot[bot])
  • 2024-09-23 9ea422b Increase minimum version of silverstripe/framework (Steve Boyd)

• silverstripe/lumberjack (3.2.0 -> 3.3.0)

  • 2024-11-20 06ffdf2 Bump cross-spawn from 7.0.3 to 7.0.6 (dependabot[bot])
  • 2024-09-02 ecf1804 Bump webpack from 5.91.0 to 5.94.0 (dependabot[bot])
  • 2024-09-02 a072159 Bump braces from 3.0.2 to 3.0.3 (dependabot[bot])
  • 2024-09-02 97dd7d3 Bump ws from 7.5.9 to 7.5.10 (dependabot[bot])
  • 2024-09-02 fe81132 Bump requirejs from 2.3.6 to 2.3.7 (dependabot[bot])

• silverstripe/staticpublishqueue (6.2.2 -> 6.3.0)

  • 2024-09-23 0bc277f Increase minimum version of silverstripe/framework (Steve Boyd)

• symbiote/silverstripe-queuedjobs (5.2.0 -> 5.3.0)

  • 2024-09-23 5b7aac0 Increase minimum version of silverstripe/framework (Steve Boyd)

• tractorcow/silverstripe-fluent (7.2.0 -> 7.3.0)

  • 2024-09-23 36861c7 Increase minimum version of silverstripe/framework (Steve Boyd)

• silverstripe/linkfield (4.1.0 -> 4.2.0)

  • 2024-12-02 9f8cb42 Bump cross-spawn from 7.0.3 to 7.0.6 (#352) (dependabot[bot])
  • 2024-09-30 6e69617 Bump framework dependency 'cause we're using new API (#339) (Guy Sartorelli)

Documentation#

• silverstripe/recipe-plugin (2.0.1 -> 2.1.0)

  • 2024-11-27 ed3f434 Remove campaign-admin reference (Steve Boyd)

• silverstripe/vendor-plugin (2.0.3 -> 2.1.0)

  • 2025-04-02 ff55614 Fix deprecation phpdoc (#91) (Guy Sartorelli)

• silverstripe/framework (5.3.0 -> 5.4.0)

  • 2025-01-22 338f0d96c Updates example to use current code (David Toews)
  • 2025-01-08 b481546f6 Remove "deprecated" note from PHPDoc for not-deprecated method (#11537) (Guy Sartorelli)

• silverstripe/admin (2.3.0 -> 2.4.0)

  • 2024-11-06 663b7d00 Remove whitespace (Chris Lock)
  • 2024-11-05 8141da25 Change to suggested comment to make clearer (Chris Lock)
  • 2024-11-04 c59c64b3 Should be true to ignore (Chris Lock)
  • 2024-11-04 f6145372 Removing unecessary PHPDoc and adding context (Chris Lock)

• silverstripe/userforms (6.3.0 -> 6.4.0)

  • 2025-03-24 094a03e Create summary for optional feature (Steve Boyd)
  • 2024-11-14 8237537 fix and adjust links based on contribution guidelines (isoeli)
  • 2024-10-24 a477a91 fix and clean up documentation links (isoeli)

• dnadesign/silverstripe-elemental (5.3.0 -> 5.4.0)

  • 2025-03-24 c0ec5da Create summary for optional feature (Steve Boyd)

• silverstripe/developer-docs (5.3.0 -> 5.4.0)

  • 2025-03-26 aaeaded6 Deprecate SolrIndexCheck (Steve Boyd)
  • 2025-03-24 cb8bee0c 5.4.0-rc1 changelog (Steve Boyd)
  • 2025-03-12 b642ab21 Document deprecating TotalItems() (#716) (Guy Sartorelli)
  • 2025-03-11 965f1b3d Document API deprecations for TinyMCE migration (#713) (Guy Sartorelli)
  • 2025-03-11 ec267e7c Specify that static methods should be above the constructor (Steve Boyd)
  • 2025-03-06 3db3db75 Update deprecations (#711) (Steve Boyd)
  • 2025-03-05 37aaf9fb Add warning about template caching senstive data (Steve Boyd)
  • 2025-03-04 3e08b925 Document changes to deprecations (#707) (Guy Sartorelli)
  • 2025-02-26 2f70d078 Documenta deprecating API which will be removed in CMS 6. (#704) (Guy Sartorelli)
  • 2025-02-25 c37972e2 5.4.0-beta1 changelog (Steve Boyd)
  • 2025-02-25 44d55f43 Remove SiteConfig as protected by sudo mode (Steve Boyd)
  • 2025-02-19 a9523c54 Document change to return types in composer plugins (#685) (Guy Sartorelli)
  • 2025-02-19 766186fc Form sudo mode (Steve Boyd)
  • 2025-02-19 8642304a Deprecate UserFormsColumnCleanTask (#697) (Guy Sartorelli)
  • 2025-02-19 4901b182 Deprecate UserFormsColumnCleanTask (Steve Boyd)
  • 2025-02-16 eea8ef5d Backport docs about protecting against host header injection (Guy Sartorelli)
  • 2025-02-16 bb2d1c8e Update best practices for forcing TLS (Guy Sartorelli)
  • 2025-02-16 bb72cd71 Document warning for allowed hosts (#692) (Guy Sartorelli)
  • 2025-02-13 e4b0fc41 Deprecate Controller::has_curr() (Steve Boyd)
  • 2025-02-11 15c409af Deprecate DBInt::Times() (Steve Boyd)
  • 2025-02-02 59efc68e Remove "warning" about "fulltextsearch" (#681) (Simon Erkelens)
  • 2025-01-29 94a6dd39 Deprecate FormField Value (Steve Boyd)
  • 2025-01-29 4a4fb2f6 Deprecate passing null paramters for Form and ValidationResult methods (Steve Boyd)
  • 2025-01-15 7088fb35 Document new UX for unique index violations (#676) (Guy Sartorelli)
  • 2025-01-14 6f86a03d Document security patches (#675) (Guy Sartorelli)
  • 2025-01-14 9552f34c Deprecate an unused configuration property (#672) (Guy Sartorelli)
  • 2025-01-14 c2039539 Document XssSanitiser (#674) (Guy Sartorelli)
  • 2025-01-14 5560965f oembed sandboxing (#673) (Guy Sartorelli)
  • 2025-01-09 ea19f7a5 Document deprecating boolean into Form::loadDataFrom() (#668) (Guy Sartorelli)
  • 2025-01-08 9543d9ad Document subsite deprecations (#666) (Guy Sartorelli)
  • 2025-01-07 cc3379a1 Document newly deprecated API (#662) (Guy Sartorelli)
  • 2025-01-06 8a457405 Update error handling and logging docs (#660) (Guy Sartorelli)
  • 2024-12-16 ecdd039a Deprecate Form validationResult (Steve Boyd)
  • 2024-12-10 89f841cf Document deprecations related to CMSMain refactor (#651) (Guy Sartorelli)
  • 2024-12-08 a6f4dd74 Deprecations for validators (Steve Boyd)
  • 2024-12-05 bf52a22b RequiredFields allow_whitespace_only config (Steve Boyd)
  • 2024-11-26 f0da28b3 Document deprecations as a result of refactoring ModalController (#637) (Guy Sartorelli)
  • 2024-11-26 0bceb743 Add campaign admin deprecations to changelog (Steve Boyd)
  • 2024-11-25 08ebe871 Fixing documentation link (#636) (3Dgoo)
  • 2024-11-21 5f9f4d9d Add campaign admin deprecations to changelog (Steve Boyd)
  • 2024-11-21 5dfdea0d FormField::validate() deprecation notice (Steve Boyd)
  • 2024-11-14 b14da4ff Document deprecated API (#629) (Guy Sartorelli)
  • 2024-11-14 ccfa227e FormField deprecations (Steve Boyd)
  • 2024-11-14 b1a5f0b2 Document new class_description and deprecated DBEnum::flushCache() (#626) (Guy Sartorelli)
  • 2024-11-06 522f5984 Document API that is being removed (#624) (Guy Sartorelli)
  • 2024-11-05 2254bcc9 Document deprecations for migrating the template engine (#623) (Guy Sartorelli)
  • 2024-11-04 fd06b846 Updated using suggested changes (Chris Lock)
  • 2024-11-04 7263e714 fixing the bad placement of quote (Chris Lock)
  • 2024-11-04 ed7b68fd Remove "unreleased" from 5.3.0 changelog (#620) (Guy Sartorelli)
  • 2024-11-01 a9bcefff Fixing the URL for React Dev tools (Chris Lock)
  • 2024-11-01 a555ba23 Adding missing quote on routing example (Chris Lock)
  • 2024-10-31 864eb507 Document deprecation of some API (#616) (Guy Sartorelli)
  • 2024-10-30 9daf8d5a List interface deprecations (Steve Boyd)
  • 2024-10-30 b3c25697 Add details about Reports Admin update (#614) (nate)
  • 2024-10-24 945cc3e3 Document deprecation (#608) (Guy Sartorelli)
  • 2024-10-21 4fabad47 Document deprecations for template layer refactor (#594) (Guy Sartorelli)
  • 2024-10-21 d01a317c Add validations related to DBField (Steve Boyd)
  • 2024-10-17 46384e87 Update deprecation docs (Steve Boyd)
  • 2024-10-13 c6afec4e Document new methods on GridFieldFilterHeader (#597) (Guy Sartorelli)
  • 2024-09-27 6cc343c2 Document some more deprecations (#589) (Guy Sartorelli)
  • 2024-09-19 cc2ea0f4 Update deprecation warning docs (#588) (Guy Sartorelli)
  • 2024-09-13 2142034c Document deprecated API and a few new features (#580) (Guy Sartorelli)
  • 2024-09-12 c1b641bc Document deprecating classes which will be renamed (#585) (Guy Sartorelli)
  • 2024-09-10 98e36cb0 Changing ClassName from Enum to Varchar (Steve Boyd)
  • 2024-09-05 d46ec6da Deprecate TopPage classes that are being renamed (Steve Boyd)

• silverstripe/mfa (5.3.0 -> 5.4.0)

  • 2025-03-24 4a8c8ad Create summary for optional feature (Steve Boyd)

Translations#

• silverstripe/assets (2.3.0 -> 2.4.0)

  • 2025-02-12 b8a8401 Update translations (Steve Boyd)

• silverstripe/framework (5.3.0 -> 5.4.0)

  • 2025-02-12 d83a390d7 Update translations (Steve Boyd)
  • 2025-02-12 5f6de6365 Update translations (Steve Boyd)
  • 2024-11-05 a43a7599b Update translations (Steve Boyd)
  • 2024-11-04 0b9a82827 Update translations (Steve Boyd)

• silverstripe/admin (2.3.0 -> 2.4.0)

  • 2025-02-12 abee07e2 Update translations (Steve Boyd)
  • 2024-11-05 f06f08eb Update translations (Steve Boyd)

• silverstripe/asset-admin (2.3.0 -> 2.4.0)

  • 2025-02-12 a0bd0715 Update translations (Steve Boyd)
  • 2025-02-12 d19beb3e Update translations (Steve Boyd)

• silverstripe/versioned-admin (2.3.0 -> 2.4.0)

  • 2025-02-12 d240ecf Update translations (Steve Boyd)

• silverstripe/cms (5.3.0 -> 5.4.0)

  • 2025-02-12 869eda82 Update translations (Steve Boyd)
  • 2025-01-08 1a83d02c CopyPaste typos in en.yml plurals (Nicola Fontana)

• silverstripe/errorpage (2.3.0 -> 2.4.0)

  • 2025-02-12 7370988 Update translations (Steve Boyd)

• silverstripe/reports (5.3.0 -> 5.4.0)

  • 2025-02-12 571c37c8 Update translations (Steve Boyd)
  • 2024-11-05 727c480d Update translations (Steve Boyd)
  • 2024-11-04 1afc0857 Update translations (Steve Boyd)

• silverstripe/siteconfig (5.3.0 -> 5.4.0)

  • 2025-02-12 97d3c5bc Update translations (Steve Boyd)

• silverstripe/versioned (2.3.0 -> 2.4.0)

  • 2025-02-12 728b10e Update translations (Steve Boyd)

• silverstripe/iframe (3.2.1 -> 3.3.0)

  • 2025-02-12 2329589 Update translations (Steve Boyd)
  • 2024-08-06 0cc5e24 Update translations (#94) (Guy Sartorelli)

• silverstripe/taxonomy (3.2.2 -> 3.2.3)

  • 2025-02-12 2bb5258 Update translations (Steve Boyd)

• silverstripe/blog (4.3.0 -> 4.4.0)

  • 2025-02-12 8fe004e Update translations (Steve Boyd)
  • 2025-02-12 4ca3d0a Update translations (Steve Boyd)
  • 2024-11-05 998dee9 Update translations (Steve Boyd)
  • 2024-11-04 c886004 Update translations (Steve Boyd)

• silverstripe/spamprotection (4.2.1 -> 4.2.2)

  • 2025-02-12 b58ac55 Update translations (Steve Boyd)
  • 2024-08-06 63d7350 Update translations (#124) (Guy Sartorelli)

• colymba/gridfield-bulk-editing-tools (4.1.0 -> 4.1.2)

  • 2025-02-14 b3b5f08 Update translations (Steve Boyd)
  • 2024-11-05 219d091 Update translations (Steve Boyd)

• silverstripe/sharedraftcontent (3.3.0 -> 3.4.0)

  • 2024-11-05 8a0d16e Update translations (Steve Boyd)

• symbiote/silverstripe-advancedworkflow (6.3.0 -> 6.4.0)

  • 2025-02-12 7e22e51 Update translations (Steve Boyd)

• silverstripe/userforms (6.3.0 -> 6.4.0)

  • 2025-02-12 b6fb310 Update translations (Steve Boyd)

• silverstripe/versionfeed (3.2.3 -> 3.2.4)

  • 2025-02-12 6fbde4c Update translations (Steve Boyd)

• dnadesign/silverstripe-elemental (5.3.0 -> 5.4.0)

  • 2025-02-12 258a51d Update translations (Steve Boyd)
  • 2025-02-12 ffbab27 Update translations (Steve Boyd)

• silverstripe/registry (3.2.0 -> 3.3.0)

  • 2025-02-12 b67dbc8 Update translations (Steve Boyd)

• silverstripe/crontask (3.0.4 -> 3.1.0)

  • 2025-02-12 6285b0e Update translations (Steve Boyd)

• silverstripe/subsites (3.3.0 -> 3.4.0)

  • 2025-02-12 94d8bf7 Update translations (Steve Boyd)

• silverstripe/lumberjack (3.2.0 -> 3.3.0)

  • 2025-02-12 0d718f6 Update translations (Steve Boyd)

• dnadesign/silverstripe-elemental-userforms (4.1.1 -> 4.2.0)

  • 2025-02-12 01d5fef Update translations (Steve Boyd)
  • 2025-02-12 f253bca Update translations (Steve Boyd)
  • 2024-08-06 cf1d863 Update translations (#98) (Guy Sartorelli)

• tractorcow/silverstripe-fluent (7.2.0 -> 7.3.0)

  • 2025-02-12 7c2dc5a Update translations (Steve Boyd)

• silverstripe/linkfield (4.1.0 -> 4.2.0)

  • 2025-02-12 ab1a11c Update translations (Steve Boyd)

Other changes#

• silverstripe/vendor-plugin (2.0.3 -> 2.1.0)

  • 2024-10-01 1ffbd53 Revert "DEP Use PHPUnit 11" (#85) (Guy Sartorelli)

• silverstripe/framework (5.3.0 -> 5.4.0)

  • 2025-04-09 d868b1230 Revert "FIX Change password form when cookie samesite is strict" (Steve Boyd)
  • 2025-03-03 f8f4f3b06 remove clean() for thousand separator, use mb_strlen (Lukas Erni)
  • 2024-09-14 5fa88663b feat: support defining MySQLi flags (Will Rossiter)
  • 2024-09-13 6a3659d69 Various deprecations and a few features (#11365) (Guy Sartorelli)

• silverstripe/errorpage (2.3.0 -> 2.4.0)

  • 2024-10-22 648cd87 Add extension hooks for static file writing (Dylan Wagstaff)

• silverstripe/reports (5.3.0 -> 5.4.0)

  • 2024-10-14 556cb366 PR fixes. (Mojmir Fendek)

• dnadesign/silverstripe-elemental (5.3.0 -> 5.4.0)

  • 2025-02-11 9d5bcc6 BUGFIX double escaped mdash (#1314) (Annie Kyles)

• silverstripe/registry (3.2.0 -> 3.3.0)

  • 2024-12-02 da89625 RegistryAdmin add missing return to import (CCCMichaelCole)

• silverstripe/ldap (2.2.3 -> 2.3.0)

  • 2025-01-27 b43050a Revert nested_groups_search_locations and user_filter configs (Michal Kouril)
  • 2024-10-05 30424df PHP8 fix; Added nested_groups_search_locations, user_filter as config options to override defaults (Michal Kouril)

• tractorcow/silverstripe-fluent (7.2.0 -> 7.3.0)

  • 2024-12-16 2144025 skip adding fluent actions menu if it already exists (backport of #fb2c518 to v7) (Florian Thoma)
  • 2024-11-19 c4685cb skip adding fluent actions menu if it already exists (Florian Thoma)