silverstripe-framework/docs/en/04_Changelogs/3.1.3.md

# 3.1.3

## Overview

 * Security: Require ADMIN for ?flush=1&isDev=1 ([SS-2014-001](http://www.silverstripe.org/ss-2014-001-require-admin-for-flush1-and-isdev1))
 * Security: XSS in third party library (SWFUpload) ([SS-2014-002](http://www.silverstripe.org/ss-2014-002-xss-in-third-party-library-swfupload/))
 * Security: SiteTree.ExtraMeta allows JavaScript for malicious CMS authors ([SS-2014-003](http://www.silverstripe.org/ss-2014-003-extrameta-allows-javascript-for-malicious-cms-authors-/))
 * Better loading performance when using multiple `UploadField` instances
 * Option for `force_js_to_bottom` on `Requirements` class (ignoring inline `<script>` tags)
 * Added `ListDecorator->filterByCallback()` for more sophisticated filtering
 * New `DataList` filters: `LessThanOrEqualFilter` and `GreaterThanOrEqualFilter`
 * "Cancel" button on "Add Page" form
 * Better code hinting on magic properties (for IDE autocompletion)
 * Increased Behat test coverage (editing HTML content, managing page permissions)
 * Support for PHPUnit 3.8

## Upgrading

### SiteTree.ExtraMeta allows JavaScript for malicious CMS authors

If you have previously used the `SiteTree.ExtraMeta` field for `<head>` markup
other than its intended use case (`<meta>` and `<link>`), please consult
[SS-2014-003](http://www.silverstripe.org/ss-2014-003-extrameta-allows-javascript-for-malicious-cms-authors-/).

## Changelog

 * [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.1.3)
 * [cms](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.1.3)
 * [installer](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.1.3)
DOCS Fix missing changelogs 2015-01-21 20:40:33 +01:00			`# 3.1.3`

			`## Overview`

			`* Security: Require ADMIN for ?flush=1&isDev=1 ([SS-2014-001](http://www.silverstripe.org/ss-2014-001-require-admin-for-flush1-and-isdev1))`
			`* Security: XSS in third party library (SWFUpload) ([SS-2014-002](http://www.silverstripe.org/ss-2014-002-xss-in-third-party-library-swfupload/))`
			`* Security: SiteTree.ExtraMeta allows JavaScript for malicious CMS authors ([SS-2014-003](http://www.silverstripe.org/ss-2014-003-extrameta-allows-javascript-for-malicious-cms-authors-/))`
			* Better loading performance when using multiple `UploadField` instances
			* Option for `force_js_to_bottom` on `Requirements` class (ignoring inline `<script>` tags)
			* Added `ListDecorator->filterByCallback()` for more sophisticated filtering
			* New `DataList` filters: `LessThanOrEqualFilter` and `GreaterThanOrEqualFilter`
			`* "Cancel" button on "Add Page" form`
			`* Better code hinting on magic properties (for IDE autocompletion)`
			`* Increased Behat test coverage (editing HTML content, managing page permissions)`
			`* Support for PHPUnit 3.8`

			`## Upgrading`

			`### SiteTree.ExtraMeta allows JavaScript for malicious CMS authors`

			If you have previously used the `SiteTree.ExtraMeta` field for `<head>` markup
			other than its intended use case (`<meta>` and `<link>`), please consult
			`[SS-2014-003](http://www.silverstripe.org/ss-2014-003-extrameta-allows-javascript-for-malicious-cms-authors-/).`

			`## Changelog`

			`* [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.1.3)`
			`* [cms](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.1.3)`
			`* [installer](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.1.3)`