SilverStripe 3.1.10
18 February 2015
SilverStripe version 3.1.10 is now available (security release).
Upgrading to SilverStripe 3.1.10
SilverStripe 3.1.10 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply SilverStripe updates as new versions are released, or use Installatron's Clone feature to duplicate an existing SilverStripe install to test the 3.1.10 upgrade prior to applying it live. Get started managing your SilverStripe installations with Installatron
What's New in SilverStripe 3.1.10
Several medium and some low level security XSS (cross site scripting) vulnerabilites have been closed in this release.
Security
- 2015-02-10 1db08ba Fix FormAction title encoding (Damian Mooyman) - See announcement ss-2015-007
- 2015-02-10 1db08ba Core CMS XSS Vulnerability Fixes (Damian Mooyman) - See announcements ss-2015-003, ss-2015-004, ss-2015-006
- 2015-01-22 7733c43 Correctly sanitise Title (Michael Strong) - See announcement SS-2015-005
- 2015-02-05 70e0d60 Fix developer output in redirection script (Damian Mooyman) - See announcement SS-2015-001
Features and Enhancements
- 2015-01-22 2e4bf9a Update sake to reference new docs (Cam Findlay)
Bugfixes
- 2015-02-17 aa77e12 Fixed infinity loop when searching _ss_environment (Zauberfish)
- 2015-02-12 047fe3a Include php version in default cache folder name Update CoreTest.php (JorisDebonnet)
- 2015-02-08 a530085 External redirects shouldnt show in preview pane (Daniel Hensby)
- 2015-02-06 d68435e SelectionGroup no longer shows empty FieldLists (Daniel Hensby)
- 2015-02-06 a0f9535 issue where empty composite fields created a fieldlist with empty items (Daniel Hensby)
- 2015-02-03 abd1e6b GridFieldExportButton should honour can method. (Will Rossiter)
- 2015-01-22 eed7093 dev/build not flushing manifests if site is in a subfolder (Loz Calver)
- 2015-01-19 77ebdc2 DataObject::db returned fields in incorrect order, with incorrect data types (Loz Calver)
- 2015-01-15 32ce85d . Summary fields can't be translated (Elvinas L.)
- 2015-01-13 2e6e8af insert media trims whitespace - fixes #845 (Emma O'Keefe)
- 2015-01-13 2861e7c insert media trims whitespace fixes #845 (Emma O'Keefe)
- 2015-01-09 ef237f6 Expands the CMS' centre-pane when collapsed and it's clicked. (Russell Michell)
- 2014-10-24 9d78eb7 Fix BasicAuth not resetting failed login counts on authentication (Damian Mooyman)
- 2014-10-16 e4ddb4b Ensure query string in X-Backurl is encoded (fixes #3563) (Loz Calver)
- 2014-08-25 f823831 making minify javascript fail-safe (Igor Nadj)
- 2014-04-03 5180452 Fixed handling of numbers in certain locales. Fixes #2161 (Damian Mooyman)