silverstripe-framework/docs/en/changelogs/3.1.7.md

# 3.1.7

## Upgrading

### Authentication

3.1.7 introduces a re-authentication feature, which allows user working in the CMS to quickly re-enter their password
and continue working should their session expire. This occurs through a popup dialog, which asks the user for their
current password to continue working.

If using a custom `[api:Authenticator]` class to replace the default MemberAuthenticator, then by default this feature
will be disabled. If multiple authenticators are used, only supported ones will be available within the CMS.

In order to create a CMS supported version the `Authenticator::supports_cms` and `Authenticator::get_cms_login_form`
methods should be overridden. See `[api:MemberAuthenticator]` for an example implementation.

Check the documentation at the [Authentication](/topics/authentication) topic.

### Default Admin

In this version the way that the default admin user is managed is slightly changed. Rather than defaulting to the first
administrator user in the CMS, a user logging in as a default admin will always be assigned to a "Default Admin"
user with admin privileges. In the past, this user would only be created if no other administrators existed.

## Security

* 2014-07-05 [c247dd5](https://github.com/silverstripe/silverstripe-framework/commit/c247dd5) Add default $lock_out_after_incorrect_logins value [SS-2014-016].
Set $lock_out_after_incorrect_logins out of the box 2014-07-05 02:53:43 +02:00			`# 3.1.7`

API Enable re-authentication within the CMS if a user session is lost BUG Resolve issue with error redirection being ignored within CMS BUG Fix issue with invalid securityID being re-emitted on failure 2014-10-06 05:01:33 +02:00			`## Upgrading`

			`### Authentication`

			`3.1.7 introduces a re-authentication feature, which allows user working in the CMS to quickly re-enter their password`
			`and continue working should their session expire. This occurs through a popup dialog, which asks the user for their`
			`current password to continue working.`

			If using a custom `[api:Authenticator]` class to replace the default MemberAuthenticator, then by default this feature
			`will be disabled. If multiple authenticators are used, only supported ones will be available within the CMS.`

			In order to create a CMS supported version the `Authenticator::supports_cms` and `Authenticator::get_cms_login_form`
			methods should be overridden. See `[api:MemberAuthenticator]` for an example implementation.

			`Check the documentation at the [Authentication](/topics/authentication) topic.`

			`### Default Admin`

			`In this version the way that the default admin user is managed is slightly changed. Rather than defaulting to the first`
			`administrator user in the CMS, a user logging in as a default admin will always be assigned to a "Default Admin"`
			`user with admin privileges. In the past, this user would only be created if no other administrators existed.`

Set $lock_out_after_incorrect_logins out of the box 2014-07-05 02:53:43 +02:00			`## Security`

			`* 2014-07-05 [c247dd5](https://github.com/silverstripe/silverstripe-framework/commit/c247dd5) Add default $lock_out_after_incorrect_logins value [SS-2014-016].`