From b3c91ecac961f3130a8a8fa5119f7f0502401292 Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Thu, 26 Sep 2013 01:42:27 +0200 Subject: [PATCH] Added 3.1.0-rc3 changelog --- docs/en/changelogs/rc/3.1.0-rc3.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 docs/en/changelogs/rc/3.1.0-rc3.md diff --git a/docs/en/changelogs/rc/3.1.0-rc3.md b/docs/en/changelogs/rc/3.1.0-rc3.md new file mode 100644 index 000000000..80b1b40e5 --- /dev/null +++ b/docs/en/changelogs/rc/3.1.0-rc3.md @@ -0,0 +1,21 @@ +# 3.1.0-rc3 + +# Overview + +### Security: XSS in CMS "Security" section (SS-2013-007) + +See [announcement](http://www.silverstripe.org/ss-2013-007-xss-in-cms-security-section/) + +### Security: XSS in form validation errors (SS-2013-008) + +See [announcement](http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/) + +### Security: XSS in CMS "Pages" section (SS-2013-009) + +See [announcement](http://www.silverstripe.org/ss-2013-009-xss-in-cms-pages-section/) + +### API: Form validation message no longer allow HTML + +Due to cross-site scripting concerns when user data is used for form messages, +it is no longer possible to use HTML in `Form->sessionMessage()`, and consequently +in the `FormField->validate()` API. \ No newline at end of file
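Review bot: The "API: Form validation message no longer allow HTML" section at the end of the new file says HTML can no longer be used in `Form->sessionMessage()` and `FormField->validate()`, but it does not say what now happens to markup that existing callers pass in (escaped on output, stripped, or rejected), or what module authors who relied on HTML messages should do instead. A sentence on each would make this usable as an upgrade note. Smaller points in the same file: the heading should read "messages no longer allow", `# Overview` sits at the same level as the `# 3.1.0-rc3` title while the sections under it jump straight to `###`, and the file ends without a trailing newline.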