diff --git a/.travis.yml b/.travis.yml
index 156e33972..d2d94d077 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -26,8 +26,12 @@ script:
 
 branches:
   except:
-    - translation-staging
+    - 2.1
+    - 2.2
+    - 2.3
     - 2.4
+    - post-2.4
+    - translation-staging
 
 notifications:
   irc:
diff --git a/docs/en/changelogs/rc/2.4.8-rc1.md b/docs/en/changelogs/rc/2.4.8-rc1.md
new file mode 100644
index 000000000..6898c937d
--- /dev/null
+++ b/docs/en/changelogs/rc/2.4.8-rc1.md
@@ -0,0 +1,42 @@
+# 2.4.8-rc1 #
+
+## Overview ##
+
+ * Security (Moderate Severity): More solid relative/site URL checks (related to "BackURL" redirection).
+ * Security (Moderate Severity): Ensure javascript content type is sent in form responses. If content type is html, and the javascript contains script tags within the content, this content will be executed.
+ * Security (Low Severity): Fixed remote code execution vuln in install.php due to inserting unescaped user data into mysite/_config.php. Not critical because install.php is required to be removed on a SilverStripe installation anyway
+
+## Details
+
+### API Changes
+
+ * 2012-02-01 [bf4476a](https://github.com/silverstripe/sapphire/commit/bf4476a) silverstripe_version file now contains the plain version number, rather than an SVN path (Ingo Schommer)
+ * 2012-02-01 [4abe136](https://github.com/silverstripe/silverstripe-cms/commit/4abe136) silverstripe_version file now contains the plain version number, rather than an SVN path (Ingo Schommer)
+
+### Features and Enhancements
+
+ * 2012-02-03 [921bf9a](https://github.com/silverstripe/sapphire/commit/921bf9a) Ensure that forceSSL and protocol detection respects the X-Forwarded-Protocol header. (Sam Minnee)
+
+### Bugfixes
+
+ * 2012-09-14 [8ec6312](https://github.com/silverstripe/sapphire/commit/8ec6312) to prevent unintended results from getComponentsQuery(...) (stozze)
+ * 2012-07-09 [838ac97](https://github.com/silverstripe/silverstripe-cms/commit/838ac97) fixing an edge-case bug where a 404-page would get statically published and overwrite the homepage of the site (this would sometimes happen when a RedirectorPage was set to an external URL and still referenced an internal page ID) (Julian Seidenberg)
+ * 2012-05-04 [392543b](https://github.com/silverstripe/sapphire/commit/392543b) Don't' set 'Referer' header in FunctionalTest->get()/post() if its explicitly passed to the method (Ingo Schommer)
+
+### Minor changes
+
+ * 2012-08-15 [7669871](https://github.com/silverstripe/sapphire/commit/7669871) fixed array to string conversion to avoid PHP 5.4 warnings (Adam Skrzypulec)
+ * 2012-05-29 [039a372](https://github.com/silverstripe/silverstripe-installer/commit/039a372) Fixed phpunit bootstrap relative path (Ingo Schommer)
+ * 2012-05-14 [b211c38](https://github.com/silverstripe/sapphire/commit/b211c38) Manually testing exceptions in SSViewerCacheBlockTest to avoid PHPUnit 3.6 warnings (Ingo Schommer)
+ * 2012-03-30 [c1d2cd1](https://github.com/silverstripe/sapphire/commit/c1d2cd1) Corrected Geoip entries for ex-Yugoslavia ... better late than never (Ingo Schommer)
+ * 2012-03-14 [44b9d05](https://github.com/silverstripe/sapphire/commit/44b9d05) Backported bootstrap.php changes from master and cstom TeamCity configuration (required to run tests through phpunit binary) (Ingo Schommer)
+ * 2011-12-17 [af22d07](https://github.com/silverstripe/sapphire/commit/af22d07) On PHPUnit 3.6, show the output of tests. (Sam Minnee)
+ * 2011-11-08 [5956ad8](https://github.com/silverstripe/sapphire/commit/5956ad8) Amended PHPUnit execution to work with PHPUnit 3.6 (Sam Minnee)
+
+### Other
+
+ * 2012-10-05 [1c7b7d0](https://github.com/silverstripe/sapphire/commit/1c7b7d0) Fixed grammatical error for Form.FIELDISREQUIRED (Will Morgan)
+ * 2012-08-08 [f6c69d5](https://github.com/silverstripe/sapphire/commit/f6c69d5) Update widget documentation (fixes #706) (Will Rossiter)
+ * 2012-05-16 [b7c8737](https://github.com/silverstripe/silverstripe-installer/commit/b7c8737) SECURITY Fixed remote code execution vuln in install.php due to inserting unescaped user data into mysite/_config.php. Not critical because install.php is required to be removed on a SilverStripe installation anyway (fixes #7205) (Ingo Schommer)
+ * 2012-05-04 [46064f8](https://github.com/silverstripe/sapphire/commit/46064f8) SECURITY More solid relative/site URL checks (related to "BackURL" redirection) (Ingo Schommer)
+ * 2012-05-03 [9bf3ae9](https://github.com/silverstripe/sapphire/commit/9bf3ae9) SECURITY: Ensure javascript content type is sent in form responses. If content type is html, and the javascript contains script tags within the content, this content will be executed. (Andrew O'Neil)
\ No newline at end of file
diff --git a/model/DB.php b/model/DB.php
index e544d1372..70ef907ac 100644
--- a/model/DB.php
+++ b/model/DB.php
@@ -65,14 +65,14 @@ class DB {
 	 * Set it to null to revert to the main database.
 	 */
 	public static function set_alternative_database_name($dbname) {
-		$_SESSION["alternativeDatabaseName"] = $dbname;
+		Session::set("alternativeDatabaseName", $dbname);
 	}
 	
 	/**
 	 * Get the name of the database in use
 	 */
 	public static function get_alternative_database_name() {
-		return $_SESSION["alternativeDatabaseName"];	
+		return Session::get("alternativeDatabaseName");	
 	}
 
 	/**
@@ -84,8 +84,8 @@ class DB {
 	 */
 	public static function connect($databaseConfig) {
 		// This is used by TestRunner::startsession() to test up a test session using an alt
-		if(isset($_SESSION) && !empty($_SESSION['alternativeDatabaseName'])) {
-			$databaseConfig['database'] = $_SESSION['alternativeDatabaseName'];
+		if($name = Session::get('alternativeDatabaseName')) {
+			$databaseConfig['database'] = $name;
 		}
 
 		if(!isset($databaseConfig['type']) || empty($databaseConfig['type'])) {
diff --git a/model/HTMLValue.php b/model/HTMLValue.php
index 4d1884d2b..86d754895 100644
--- a/model/HTMLValue.php
+++ b/model/HTMLValue.php
@@ -17,14 +17,30 @@ class SS_HTMLValue extends ViewableData {
 	 * @param string $content
 	 */
 	public function __construct($content = null) {
-		$this->document = new DOMDocument('1.0', 'UTF-8');
-		$this->document->scrictErrorChecking = false;
-
+		$this->setDocument(new DOMDocument('1.0', 'UTF-8'));
+		$this->setScrictErrorChecking(false);
+		$this->setOutputFormatting(false);
 		$this->setContent($content);
-		
+
 		parent::__construct();
 	}
-	
+
+	/**
+	 * Should strict error checking be used?
+	 * @param boolean $bool
+	 */
+	public function setScrictErrorChecking($bool) {
+		$this->getDocument()->scrictErrorChecking = $bool;
+	}
+
+	/**
+	 * Should the output be formatted?
+	 * @param boolean $bool
+	 */
+	public function setOutputFormatting($bool) {
+		$this->getDocument()->formatOutput = $bool;
+	}
+
 	/**
 	 * @return string
 	 */
@@ -35,16 +51,15 @@ class SS_HTMLValue extends ViewableData {
 		return trim(
 			preg_replace(
 				array(
-					'/^<!DOCTYPE.+?>/i',
-					'/(.*)<body>/i',
-					'/<\/body>(.*)/i',
+					'/(.*)<body>/is',
+					'/<\/body>(.*)/is',
 				),
 				'',
 				urldecode($this->getDocument()->saveHTML())
 			)
 		);
 	}
-	
+
 	/**
 	 * @param string $content
 	 * @return bool
@@ -59,14 +74,21 @@ class SS_HTMLValue extends ViewableData {
 			"<body>$content</body></html>"
 		);
 	}
-	
+
 	/**
 	 * @return DOMDocument
 	 */
 	public function getDocument() {
 		return $this->document;
 	}
-	
+
+	/**
+	 * @param DOMDocument $document
+	 */
+	public function setDocument($document) {
+		$this->document = $document;
+	}
+
 	/**
 	 * A simple convenience wrapper around DOMDocument::getElementsByTagName().
 	 *
diff --git a/tests/integration/HTMLValueTest.php b/tests/integration/HTMLValueTest.php
index 600325adf..aa2beadbb 100644
--- a/tests/integration/HTMLValueTest.php
+++ b/tests/integration/HTMLValueTest.php
@@ -6,9 +6,10 @@
 class SS_HTMLValueTest extends SapphireTest {
 	
 	public function testInvalidHTMLSaving() {
-		$value   = new SS_HTMLValue();
+		$value = new SS_HTMLValue();
 		$invalid = array (
 			'<p>Enclosed Value</p></p>'                              => '<p>Enclosed Value</p>',
+			'<meta content="text/html"></meta>'                      => '<meta content="text/html">',
 			'<p><div class="example"></div></p>'                     => '<p></p><div class="example"></div>',
 			'<html><html><body><falsetag "attribute=""attribute""">' => '<falsetag></falsetag>',
 			'<body<body<body>/bodu>/body>'                           => '/bodu&gt;/body&gt;'
@@ -19,9 +20,22 @@ class SS_HTMLValueTest extends SapphireTest {
 			$this->assertEquals($expected, $value->getContent(), 'Invalid HTML can be saved');
 		}
 	}
-	
+
+	public function testUtf8Saving() {
+		$value = new SS_HTMLValue();
+		$value->setContent('<p>ö ß ā い 家</p>');
+		$this->assertEquals('<p>ö ß ā い 家</p>', $value->getContent());
+	}
+
+	public function testOutputFormatting() {
+		$value = new SS_HTMLValue();
+		$value->setOutputFormatting(true);
+		$value->setContent('<meta content="text/html">');
+		$this->assertEquals('<meta content="text/html">', $value->getContent(), 'Formatted output works');
+	}
+
 	public function testInvalidHTMLTagNames() {
-		$value   = new SS_HTMLValue();
+		$value = new SS_HTMLValue();
 		$invalid = array(
 			'<p><div><a href="test-link"></p></div>',
 			'<html><div><a href="test-link"></a></a></html_>',
@@ -30,7 +44,7 @@ class SS_HTMLValueTest extends SapphireTest {
 		
 		foreach($invalid as $input) {
 			$value->setContent($input);
-			$this->assertEquals (
+			$this->assertEquals(
 				'test-link',
 				$value->getElementsByTagName('a')->item(0)->getAttribute('href'),
 				'Link data can be extraced from malformed HTML'
@@ -47,5 +61,5 @@ class SS_HTMLValueTest extends SapphireTest {
 			'Newlines get converted'
 		);
 	}
-	
+
 }