From 04b803dfc6dc60f2e6a38fa74f957156230b54be Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Thu, 28 May 2015 18:59:11 +1200
Subject: [PATCH] Added 3.1.13 changelog

---
 docs/en/04_Changelogs/3.1.13.md | 39 +++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 docs/en/04_Changelogs/3.1.13.md

diff --git a/docs/en/04_Changelogs/3.1.13.md b/docs/en/04_Changelogs/3.1.13.md
new file mode 100644
index 000000000..741344d98
--- /dev/null
+++ b/docs/en/04_Changelogs/3.1.13.md
@@ -0,0 +1,39 @@
+# 3.1.13
+
+# Overview
+
+This release includes several security fixes to prevent HTTP Hostname injection, 
+as well as a fix for flush or isDev querystring parameters
+to be set via unauthenticated requests.
+
+Users upgrading from 3.1.12 or below should read the [security documentation](/security/secure_coding)
+on securing their site.
+
+### Security
+
+ * 2015-05-22 [a978b89](https://github.com/silverstripe/sapphire/commit/a978b89) Fix handling of empty parameter token (Damian Mooyman) - See [ss-2015-014](http://www.silverstripe.org/software/download/security-releases/ss-2015-014)
+ * 2015-05-25 [75137db](https://github.com/silverstripe/sapphire/commit/75137db) Ensure only trusted proxy servers have control over certain HTTP headers (Damian Mooyman) - See [ss-2015-013](http://www.silverstripe.org/software/download/security-releases/ss-2015-013)
+ * 2015-05-25 [22a35e4](https://github.com/silverstripe/sapphire/commit/22a35e4) Fix malformed urls redirecting to external sites (Damian Mooyman) - See [ss-2015-012](http://www.silverstripe.org/software/download/security-releases/ss-2015-012)
+ * 2015-05-22 [79cfa2b](https://github.com/silverstripe/sapphire/commit/79cfa2b) Bug fix sqlquery select (Damian Mooyman) - See [ss-2015-011](http://www.silverstripe.org/software/download/security-releases/ss-2015-011)
+
+### Bugfixes
+
+ * 2015-04-24 [242de4e](https://github.com/silverstripe/sapphire/commit/242de4e) Added Youtube's short URL. (Michael Strong)
+ * 2015-05-28 [9c8fa51](https://github.com/silverstripe/sapphire/commit/9c8fa51) Allow users to specify allowed hosts (Marcus Nyeholt)
+ * 2015-05-07 [828ad6e](https://github.com/silverstripe/sapphire/commit/828ad6e) Modifications to GridFieldExportButton to allow ArrayList use in SS_Report (Will Rossiter)
+ * 2015-04-30 [be10d90](https://github.com/silverstripe/sapphire/commit/be10d90) count breaks when having clause defined (Aram Balakjian)
+ * 2015-04-27 [120b983](https://github.com/silverstripe/sapphire/commit/120b983) X-Reload & X-ControllerURL didn't support absolute URLs (fixes #4119) (Loz Calver)
+ * 2015-04-25 [bfd8b66](https://github.com/silverstripe/sapphire/commit/bfd8b66) for #4104, minor revision of error messages in ListboxField (more intuitive). (Patrick Nelson)
+ * 2015-04-23 [5ae0ca1](https://github.com/silverstripe/sapphire/commit/5ae0ca1) #4100 Setup the ability to overload the ShortcodeParser class and ensuring its methods/properties are extensible via the "static" keyword. (Patrick Nelson)
+ * 2015-04-23 [c2fd18e](https://github.com/silverstripe/sapphire/commit/c2fd18e) use config for Security::$login_url (Daniel Hensby)
+ * 2015-04-23 [19423e9](https://github.com/silverstripe/sapphire/commit/19423e9) Fix tinymce errors crashing CMS When removing a tinymce field, internal third party errors should be caught and ignored gracefully rather than breaking the whole CMS. (Damian Mooyman)
+ * 2015-04-20 [8e24511](https://github.com/silverstripe/sapphire/commit/8e24511) Fix users with all cms section access not able to edit files Fixes #4078 (Damian Mooyman)
+ * 2015-04-14 [8caaae6](https://github.com/silverstripe/sapphire/commit/8caaae6) Fix accordion sometimes displaying scrollbars (Damian Mooyman)
+ * 2015-03-31 [a71f5f9](https://github.com/silverstripe/silverstripe-cms/commit/a71f5f9) Use SearchForm::create to instantiate SearchForm (Daniel Hensby)
+ * 2015-03-26 [636cddb](https://github.com/silverstripe/sapphire/commit/636cddb) export and print buttons outside button row (Naomi Guyer)
+ * 2015-03-26 [a7d3f89](https://github.com/silverstripe/sapphire/commit/a7d3f89) Check for existence of HTTP_USER_AGENT to avoid E_NOTICE error. (Sean Harvey)
+ * 2015-03-25 [8d6cd15](https://github.com/silverstripe/sapphire/commit/8d6cd15) Fix some database errors during dev/build where an auth token exists for the current user Fixes #3660 (Damian Mooyman)
+ * 2015-03-23 [aba0b70](https://github.com/silverstripe/sapphire/commit/aba0b70) GridFieldDetailForm::setItemEditFormCalback broke chaining (Daniel Hensby)
+ * 2015-03-23 [72bb9a2](https://github.com/silverstripe/sapphire/commit/72bb9a2) Debug::text no longer incorrecty returns "ViewableData_debugger" (Daniel Hensby)
+ * 2015-03-16 [f2b1fa9](https://github.com/silverstripe/sapphire/commit/f2b1fa9) broken link in docs to how_tos/extend_cms_interface (Jeremy Shipman)
+ * 2015-02-24 [6c92a86](https://github.com/silverstripe/silverstripe-cms/commit/6c92a86) Fix CMSMainTest attempting to render page on Security permission error (Damian Mooyman)