diff --git a/docs/en/04_Changelogs/rc/3.5.0-rc3.md b/docs/en/04_Changelogs/rc/3.5.0-rc3.md new file mode 100644 index 000000000..03e5d9675 --- /dev/null +++ b/docs/en/04_Changelogs/rc/3.5.0-rc3.md @@ -0,0 +1,21 @@ +# 3.5.0-rc3 + + + +## Change Log + +### Security + + * 2016-11-11 [4440b88](https://github.com/silverstripe/silverstripe-framework/commit/4440b887304fe80ca77366800457cbc2ac705654) Form@httpSubmission will no longer load submitted data to disabled or readonly fields (Daniel Hensby) - See [ss-2016-010](http://www.silverstripe.org/download/security-releases/ss-2016-010) + * 2016-11-11 [61e4055](https://github.com/silverstripe/silverstripe-framework/commit/61e4055bdb13e37df6aa0d8edca0bf5d9345dc7e) Cast FormField values as Text to prevent readonly fields embeding rogue HTML (Daniel Hensby) - See [ss-2016-010](http://www.silverstripe.org/download/security-releases/ss-2016-010) + * 2016-10-27 [17097a4](https://github.com/silverstripe/silverstripe-framework/commit/17097a4d11274b157eadf64f32708acef204d510) Properly escape backURL for template injection (Daniel Hensby) - See [ss-2016-016](http://www.silverstripe.org/download/security-releases/ss-2016-016) + * 2016-07-14 [ca526b0](https://github.com/silverstripe/silverstripe-reports/commit/ca526b08c32ffe171368c1f6e456a8bfffa287d7) Missing ACL check on ReportAdmin (Daniel Hensby) - See [ss-2016-012](http://www.silverstripe.org/download/security-releases/ss-2016-012) + * 2016-07-14 [04b4453](https://github.com/silverstripe/silverstripe-cms/commit/04b4453e041c2520d3658be1585146f79dca09d8) Missing ACL check on ReportAdmin (Daniel Hensby) - See [ss-2016-012](http://www.silverstripe.org/download/security-releases/ss-2016-012) + +### API Changes + + * 2016-11-15 [f43a91a](https://github.com/silverstripe/silverstripe-framework/commit/f43a91a4f8d6d5b6bfdda0c67d8647c056f8d62e) Add FormField::canSubmitValue() (Damian Mooyman) + +### Bugfixes + + * 2016-10-22 [bec5adf](https://github.com/silverstripe/silverstripe-framework/commit/bec5adf09b733904a4e8d0aa55bdc337489af533) Versioned sort by ID (Jonathon Menz)