28 lines
1.3 KiB
Markdown
Raw Normal View History

# 3.1.7
## Upgrading
### Authentication
3.1.7 introduces a re-authentication feature, which allows user working in the CMS to quickly re-enter their password
and continue working should their session expire. This occurs through a popup dialog, which asks the user for their
current password to continue working.
If using a custom `[api:Authenticator]` class to replace the default MemberAuthenticator, then by default this feature
will be disabled. If multiple authenticators are used, only supported ones will be available within the CMS.
In order to create a CMS supported version the `Authenticator::supports_cms` and `Authenticator::get_cms_login_form`
methods should be overridden. See `[api:MemberAuthenticator]` for an example implementation.
Check the documentation at the [Authentication](/topics/authentication) topic.
### Default Admin
In this version the way that the default admin user is managed is slightly changed. Rather than defaulting to the first
administrator user in the CMS, a user logging in as a default admin will always be assigned to a "Default Admin"
user with admin privileges. In the past, this user would only be created if no other administrators existed.
## Security
* 2014-07-05 [c247dd5](https://github.com/silverstripe/silverstripe-framework/commit/c247dd5) Add default $lock_out_after_incorrect_logins value [SS-2014-016].