silverstripe-framework/docs/en/changelogs/rc/3.1.0-rc3.md

# 3.1.0-rc3

## Overview

### Security: XSS in CMS "Security" section (SS-2013-007)

See [announcement](http://www.silverstripe.org/ss-2013-007-xss-in-cms-security-section/)

### Security: XSS in CMS "Pages" section (SS-2013-009)

See [announcement](http://www.silverstripe.org/ss-2013-009-xss-in-cms-pages-section/)
FIX Escape breadcrumbs in SecurityAdmin (SS-2013-007) 2013-09-24 10:45:55 +02:00			`# 3.1.0-rc3`

			`## Overview`

			`### Security: XSS in CMS "Security" section (SS-2013-007)`

FIX Auto-escape titles in TreeDropdownField Related to SS-2013-009. While the default "TreeTitle" was escaped within the SiteTree->TreeTitle() getter, other properties like SiteTree->Title weren't escaped. The new logic uses the underlying casting helpers on the processed objects. 2013-09-24 12:59:05 +02:00			`See [announcement](http://www.silverstripe.org/ss-2013-007-xss-in-cms-security-section/)`

			`### Security: XSS in CMS "Pages" section (SS-2013-009)`

			`See [announcement](http://www.silverstripe.org/ss-2013-009-xss-in-cms-pages-section/)`