Most of the `set` operations will return the object back so methods can be chained.
@@ -238,14 +238,14 @@ with the particular button. In the previous example, clicking the 'Another Butto
* The `Form` instance.
* The `Controller` instance.
-
+
If the `$action` method cannot be found on any of those or is marked as `private` or `protected`, an error will be
thrown.
The `$action` method takes two arguments:
- * `$data` an array containing the values of the form mapped from `$name` => '$value'
+ * `$data` an array containing the values of the form mapped from `$name => $value`
* `$form` the submitted [api:Form] instance.
:::php
diff --git a/docs/en/02_Developer_Guides/03_Forms/01_Validation.md b/docs/en/02_Developer_Guides/03_Forms/01_Validation.md
index c1910e70a..a9c9f0064 100644
--- a/docs/en/02_Developer_Guides/03_Forms/01_Validation.md
+++ b/docs/en/02_Developer_Guides/03_Forms/01_Validation.md
@@ -102,7 +102,7 @@ the same validation logic applied to it throughout.
}
else if($this->value > 5 || $this->value < 2) {
$validator->validationError(
- $this->name, "Your number must be between 2 and 5, "validation", false
+ $this->name, "Your number must be between 2 and 5", "validation", false
);
return false;
@@ -232,4 +232,4 @@ Again, custom error messages can be provided through the `FormField`
## API Documentation
* [api:RequiredFields]
- * [api:Validator]
\ No newline at end of file
+ * [api:Validator]
diff --git a/docs/en/02_Developer_Guides/05_Extending/04_Shortcodes.md b/docs/en/02_Developer_Guides/05_Extending/04_Shortcodes.md
index 36b265b73..42484385d 100644
--- a/docs/en/02_Developer_Guides/05_Extending/04_Shortcodes.md
+++ b/docs/en/02_Developer_Guides/05_Extending/04_Shortcodes.md
@@ -57,7 +57,7 @@ First we need to define a callback for the shortcode.
);
public function MyShortCodeMethod($arguments, $content = null, $parser = null, $tagName) {
- return str_replace($content, "
$content", $this->Content);
+ return "
" . $tagName . " " . $content . "; " . count($arguments) . " arguments.";
}
}
diff --git a/docs/en/02_Developer_Guides/06_Testing/index.md b/docs/en/02_Developer_Guides/06_Testing/index.md
index 34673853a..6d826d73d 100644
--- a/docs/en/02_Developer_Guides/06_Testing/index.md
+++ b/docs/en/02_Developer_Guides/06_Testing/index.md
@@ -78,9 +78,9 @@ You will generally write two different kinds of test classes.
Tutorials and recipes for creating tests using the SilverStripe framework:
-* [Creating a SilverStripe test](creating-a-silverstripe-test): Writing tests to check core data objects
-* [Creating a functional test](creating-a-functional-test): An overview of functional tests and how to write a functional test
-* [Testing Outgoing Email](testing-email): An overview of the built-in email testing code
+* [Creating a SilverStripe test](how_tos/write_a_sapphiretest): Writing tests to check core data objects
+* [Creating a functional test](how_tos/write_a_functionaltest): An overview of functional tests and how to write a functional test
+* [Testing Outgoing Email](how_tos/testing_email): An overview of the built-in email testing code
## Running Tests
diff --git a/docs/en/02_Developer_Guides/07_Debugging/01_Error_Handling.md b/docs/en/02_Developer_Guides/07_Debugging/01_Error_Handling.md
index 013b7c939..863116696 100644
--- a/docs/en/02_Developer_Guides/07_Debugging/01_Error_Handling.md
+++ b/docs/en/02_Developer_Guides/07_Debugging/01_Error_Handling.md
@@ -41,10 +41,13 @@ You can indicate a log file relative to the site root.
:::php
if(!Director::isDev()) {
// log errors and warnings
- SS_Log::add_writer(new SS_LogFileWriter('/my/logfile/path'), SS_Log::WARN, '<=');
-
+ SS_Log::add_writer(new SS_LogFileWriter('../silverstripe-errors-warnings.log'), SS_Log::WARN, '<=');
+
// or just errors
- SS_Log::add_writer(new SS_LogFileWriter('/my/logfile/path'), SS_Log::ERR);
+ SS_Log::add_writer(new SS_LogFileWriter('../silverstripe-errors.log'), SS_Log::ERR);
+
+ // or notices (e.g. for Deprecation Notifications)
+ SS_Log::add_writer(new SS_LogFileWriter('../silverstripe-errors-notices.log'), SS_Log::NOTICE);
}
@@ -62,7 +65,7 @@ You can send both fatal errors and warnings in your code to a specified email-ad
:::php
if(!Director::isDev()) {
// log errors and warnings
- SS_Log::add_writer(new SS_LogEmailWriter('admin@domain.com'), SS_Log::WARN, '<=');
+ SS_Log::add_writer(new SS_LogFileWriter('../silverstripe-errors-warnings.log'), SS_Log::WARN, '<=');
// or just errors
SS_Log::add_writer(new SS_LogEmailWriter('admin@domain.com'), SS_Log::ERR);
@@ -70,4 +73,4 @@ You can send both fatal errors and warnings in your code to a specified email-ad
## API Documentation
-* [api:SS_Log]
\ No newline at end of file
+* [api:SS_Log]
diff --git a/docs/en/02_Developer_Guides/08_Performance/00_Partial_Caching.md b/docs/en/02_Developer_Guides/08_Performance/00_Partial_Caching.md
index c2836e24e..e50d3c1be 100644
--- a/docs/en/02_Developer_Guides/08_Performance/00_Partial_Caching.md
+++ b/docs/en/02_Developer_Guides/08_Performance/00_Partial_Caching.md
@@ -159,7 +159,7 @@ To cache the contents of a page for all anonymous users, but dynamically calcula
## Uncached
-Yhe template tag 'uncached' can be used - it is the exact equivalent of a cached block with an if condition that always
+The template tag 'uncached' can be used - it is the exact equivalent of a cached block with an if condition that always
returns false. The key and conditionals in an uncached tag are ignored, so you can easily temporarily disable a
particular cache block by changing just the tag, leaving the key and conditional intact.
@@ -235,4 +235,4 @@ Can be re-written as:
<% end_loop %>
<% end_cached %>
- <% end_cached %>
\ No newline at end of file
+ <% end_cached %>
diff --git a/docs/en/02_Developer_Guides/08_Performance/01_Caching.md b/docs/en/02_Developer_Guides/08_Performance/01_Caching.md
index 91a08140d..578d895ac 100644
--- a/docs/en/02_Developer_Guides/08_Performance/01_Caching.md
+++ b/docs/en/02_Developer_Guides/08_Performance/01_Caching.md
@@ -51,7 +51,7 @@ The returned object is of type `Zend_Cache`.
$cache = SS_Cache::factory('foo');
if (!($result = $cache->load($cachekey))) {
$result = caluate some how;
- $cache->save($result);
+ $cache->save($result, $cachekey);
}
return $result;
@@ -103,7 +103,7 @@ which can provide better performance, including APC, Xcache, ZendServer, Memcach
If `?flush=1` is requested in the URL, e.g. http://mysite.com?flush=1, this will trigger a call to `flush()` on
any classes that implement the `Flushable` interface. Using this, you can trigger your caches to clean.
-See [reference documentation on Flushable](/reference/flushable) for implementation details.
+See [reference documentation on Flushable](/developer_guides/execution_pipeline/flushable/) for implementation details.
### Memcached
diff --git a/docs/en/02_Developer_Guides/09_Security/00_Member.md b/docs/en/02_Developer_Guides/09_Security/00_Member.md
index 2cd7c9680..f84ebf425 100644
--- a/docs/en/02_Developer_Guides/09_Security/00_Member.md
+++ b/docs/en/02_Developer_Guides/09_Security/00_Member.md
@@ -91,7 +91,7 @@ and another subclass for the same email-address in the address-database.
Using inheritance to add extra behaviour or data fields to a member is limiting, because you can only inherit from 1
class. A better way is to use role extensions to add this behaviour. Add the following to your
-`[config.yml](/topics/configuration)`.
+`[config.yml](/developer_guides/configuration/configuration/#configuration-yaml-syntax-and-rules)`.
:::yml
Member:
diff --git a/docs/en/02_Developer_Guides/09_Security/03_Authentication.md b/docs/en/02_Developer_Guides/09_Security/03_Authentication.md
index fa7722418..8a7033a3b 100644
--- a/docs/en/02_Developer_Guides/09_Security/03_Authentication.md
+++ b/docs/en/02_Developer_Guides/09_Security/03_Authentication.md
@@ -8,21 +8,24 @@ authentication system.
The main login system uses these controllers to handle the various security requests:
- * `[api:Security]` Which is the controller which handles most front-end security requests, including
+`[api:Security]` Which is the controller which handles most front-end security requests, including
Logging in, logging out, resetting password, or changing password. This class also provides an interface
to allow configured `[api:Authenticator]` classes to each display a custom login form.
- * `[api:CMSSecurity]` Which is the controller which handles security requests within the CMS, and allows
+
+`[api:CMSSecurity]` Which is the controller which handles security requests within the CMS, and allows
users to re-login without leaving the CMS.
## Member Authentication
The default member authentication system is implemented in the following classes:
- * `[api:MemberAuthenticator]` Which is the default member authentication implementation. This uses the email
+`[api:MemberAuthenticator]` Which is the default member authentication implementation. This uses the email
and password stored internally for each member to authenticate them.
- * `[api:MemberLoginForm]` Is the default form used by `MemberAuthenticator`, and is displayed on the public site
+
+`[api:MemberLoginForm]` Is the default form used by `MemberAuthenticator`, and is displayed on the public site
at the url `Security/login` by default.
- * `[api:CMSMemberLoginForm]` Is the secondary form used by `MemberAuthenticator`, and will be displayed to the
+
+`[api:CMSMemberLoginForm]` Is the secondary form used by `MemberAuthenticator`, and will be displayed to the
user within the CMS any time their session expires or they are logged out via an action. This form is
presented via a popup dialog, and can be used to re-authenticate that user automatically without them having
to lose their workspace. E.g. if editing a form, the user can login and continue to publish their content.
@@ -32,10 +35,11 @@ The default member authentication system is implemented in the following classes
Additional authentication methods (oauth, etc) can be implemented by creating custom implementations of each of the
following base classes:
- * `[api:Authenticator]` The base class for authentication systems. This class also acts as the factory
+`[api:Authenticator]` The base class for authentication systems. This class also acts as the factory
to generate various login forms for parts of the system. If an authenticator supports in-cms
reauthentication then it will be necessary to override the `supports_cms` and `get_cms_login_form` methods.
- * `[api:LoginForm]` which is the base class for a login form which links to a specific authenticator. At the very
+
+`[api:LoginForm]` which is the base class for a login form which links to a specific authenticator. At the very
least, it will be necessary to implement a form class which provides a default login interface. If in-cms
re-authentication is desired, then a specialised subclass of this method may be necessary. For example, this form
could be extended to require confirmation of username as well as password.
diff --git a/docs/en/02_Developer_Guides/14_Files/01_Image.md b/docs/en/02_Developer_Guides/14_Files/01_Image.md
index 682183362..bd3b4537a 100644
--- a/docs/en/02_Developer_Guides/14_Files/01_Image.md
+++ b/docs/en/02_Developer_Guides/14_Files/01_Image.md
@@ -97,7 +97,7 @@ For output of an image tag with the image automatically resized to 80px width, y
$Image.SetSize(80,80) // returns a 80x80px padded image
$Image.SetRatioSize(80,80) // Returns an image scaled proportional, with its greatest diameter scaled to 80px
$Image.CroppedImage(80,80) // Returns an 80x80 image cropped from the center.
- $Image.PaddedImage(80, 80) // Returns an 80x80 image. Unused space is padded white. No crop. No stretching
+ $Image.PaddedImage(80, 80, FFFFFF) // Returns an 80x80 image. Unused space is padded white. No crop. No stretching
$Image.Width // returns width of image
$Image.Height // returns height of image
$Image.Orientation // returns Orientation
diff --git a/docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/01_ModelAdmin.md b/docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/01_ModelAdmin.md
index 0d3c7ba3d..f1669e074 100644
--- a/docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/01_ModelAdmin.md
+++ b/docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/01_ModelAdmin.md
@@ -150,7 +150,7 @@ The results are shown in a tabular listing, powered by the [GridField](../forms/
the [api:GridFieldDataColumns] component. This component looks for a [api:DataObject::$summary_fields] static on your
model class, where you can add or remove columns. To change the title, use [api:DataObject::$field_labels].
-**mysite/code/Page.php**
+**mysite/code/Product.php**
:::php
load('mykey');
if(!$something) {
$something = 'value to be cached';
- $cache->save($something);
+ $cache->save($something, 'mykey');
}
return $something;
}
diff --git a/docs/en/02_Developer_Guides/16_Execution_Pipeline/02_Manifests.md b/docs/en/02_Developer_Guides/16_Execution_Pipeline/02_Manifests.md
index 269382e26..694d5190a 100644
--- a/docs/en/02_Developer_Guides/16_Execution_Pipeline/02_Manifests.md
+++ b/docs/en/02_Developer_Guides/16_Execution_Pipeline/02_Manifests.md
@@ -76,7 +76,7 @@ The chapter on [configuration](/topics/configuration) has more details.
## Flushing
If a `?flush=1` query parameter is added to a URL, a call to `flush()` will be triggered
-on any classes that implement the [Flushable](/reference/flushable) interface.
+on any classes that implement the [Flushable](flushable) interface.
This enables developers to clear [manifest caches](manifests),
for example when adding new templates or PHP classes.
Note that you need to be in [dev mode](/getting_started/environment_management)
diff --git a/docs/en/02_Developer_Guides/16_Execution_Pipeline/index.md b/docs/en/02_Developer_Guides/16_Execution_Pipeline/index.md
index e250b8b9b..45310ae44 100644
--- a/docs/en/02_Developer_Guides/16_Execution_Pipeline/index.md
+++ b/docs/en/02_Developer_Guides/16_Execution_Pipeline/index.md
@@ -130,7 +130,7 @@ The ["Request Filters" documentation](../controller/request_filters) shows you h
## Flushing Manifests
If a `?flush=1` query parameter is added to a URL, a call to `flush()` will be triggered
-on any classes that implement the [Flushable](/reference/flushable) interface.
+on any classes that implement the [Flushable](flushable) interface.
This enables developers to clear [manifest caches](manifests),
for example when adding new templates or PHP classes.
Note that you need to be in [dev mode](/getting_started/environment_management)
diff --git a/docs/en/04_Changelogs/3.0.10.md b/docs/en/04_Changelogs/3.0.10.md
new file mode 100644
index 000000000..8e06089aa
--- /dev/null
+++ b/docs/en/04_Changelogs/3.0.10.md
@@ -0,0 +1,26 @@
+# 3.0.10
+
+## Upgrading
+
+ * If relying on partial caching of content between logged in users, be aware that the cache is now automatically
+ segmented based on both the current member ID, and the versioned reading mode. If this is not an appropriate
+ method (such as if the same content is served to logged in users within partial caching) then it is necessary
+ to adjust the config value of `SSViewer.global_key` to something more or less sensitive.
+
+## Security
+
+ * [BUG Fix issue with versioned dataobjects being cached between stages](https://github.com/silverstripe/silverstripe-framework/commit/4415a75d9304a3930b9c28763fc092299640c685) - See [announcement SS-2014-007](http://www.silverstripe.org/ss-2014-007-confidentiality-breach-can-occur-between-draft-and-live-modes/)
+ * [BUG Fix encoding of JS redirection script](https://github.com/silverstripe/silverstripe-framework/commit/f8e3bbe3ae3f29f22d85abb73cea033659511168) - See [announcement SS-2014-006](http://www.silverstripe.org/ss-2014-006-xss-in-returnurl-redirection/)
+ * [Amends solution to SS-2014-006](https://github.com/silverstripe/silverstripe-framework/commit/5b0a96979484fad12e11ce69aef98feda57b321f)
+ * [FIX Prevent SQLi when no URL filters are applied](https://github.com/silverstripe/silverstripe-cms/commit/114df8a3a5e4800ef7586c5d9c8d79798fd2a11d) - See [announcement SS-2014-004](http://www.silverstripe.org/ss-2014-004-sql-injection-in-sitetree-with-custom-urlsegmentfilter-rules/)
+ * [FIX Do now allow arbitary class creation in CMS](https://github.com/silverstripe/silverstripe-cms/commit/bf9b22fd4331a6f78cec12a75262f570b025ec2d) - See [announcement SS-2014-005](http://www.silverstripe.org/ss-2014-005-arbitrary-class-creation-in-cms-backend/)
+
+## General
+
+ * [Rewrote usages of error suppression operator](https://github.com/silverstripe/silverstripe-framework/commit/6d5d3d8cb7e69e0b37471b1e34077211b0f631fe)
+
+## Changelog
+
+ * [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.0.10)
+ * [cms](https://github.com/silverstripe/silverstripe-cms/releases/tag/3.0.10)
+ * [installer](https://github.com/silverstripe/silverstripe-installer/releases/tag/3.0.10)
diff --git a/docs/en/04_Changelogs/3.0.11.md b/docs/en/04_Changelogs/3.0.11.md
new file mode 100644
index 000000000..71191bd7e
--- /dev/null
+++ b/docs/en/04_Changelogs/3.0.11.md
@@ -0,0 +1,19 @@
+# 3.0.11
+
+Minor security release
+
+## Security
+
+ * 2014-04-16 [9d74bc4](https://github.com/silverstripe/sapphire/commit/9d74bc4) Potential DoS exploit in TinyMCE - See [announcement SS-2014-009](http://www.silverstripe.org/ss-2014-009-potential-dos-exploit-in-tinymce/)
+ * 2014-05-05 [9bfeffd](https://github.com/silverstripe/silverstripe-framework/commit/9bfeffd) Injection / Filesystem vulnerability in generatesecuretoken - See [announcement SS-2014-010](http://www.silverstripe.org/ss-2014-010-injection-filesystem-vulnerability-in-generatesecuretoken/)
+ * 2014-05-07 [0099a18](https://github.com/silverstripe/silverstripe-framework/commit/0099a18) Folder filename injection - See [announcement SS-2014-011](http://www.silverstripe.org/ss-2014-011-folder-filename-injection/)
+
+### Bugfixes
+
+ * 2013-06-20 [f2c4a62](https://github.com/silverstripe/sapphire/commit/f2c4a62) ConfirmedPasswordField used to expose existing hash (Hamish Friedlander)
+
+## Changelog
+
+ * [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.0.11)
+ * [cms](https://github.com/silverstripe/silverstripe-cms/releases/tag/3.0.11)
+ * [installer](https://github.com/silverstripe/silverstripe-installer/releases/tag/3.0.11)
diff --git a/docs/en/04_Changelogs/3.1.10.md b/docs/en/04_Changelogs/3.1.10.md
new file mode 100644
index 000000000..f3ba68e3d
--- /dev/null
+++ b/docs/en/04_Changelogs/3.1.10.md
@@ -0,0 +1,57 @@
+# 3.1.10
+
+## Upgrading
+
+### Form Actions
+
+Form action titles are now safely XML encoded, although this was an implicit assumption, it is now explicitly enforced.
+XML encoding titles will not cause an error, but is deprecated at framework 4.0. FormAction buttons with custom HTML
+content should be assigned using the `FormAction::setButtonContent` method instead.
+
+## Security
+
+Several medium and some low level security XSS (cross site scripting) vulnerabilites have been closed in this release.
+All users of SilverStripe framework 3.1.9 and below are advised to upgrade.
+
+ * 2015-02-10 [1db08ba](https://github.com/silverstripe/sapphire/commit/1db08ba) Fix FormAction title encoding (Damian Mooyman) -
+ See announcement [ss-2015-007](http://www.silverstripe.org/software/download/security-releases/ss-2015-007)
+ * 2015-02-10 [1db08ba](https://github.com/silverstripe/sapphire/commit/1db08ba) Core CMS XSS Vulnerability Fixes (Damian Mooyman) -
+ See announcements
+ [ss-2015-003](http://www.silverstripe.org/software/download/security-releases/ss-2015-003),
+ [ss-2015-004](http://www.silverstripe.org/software/download/security-releases/ss-2015-004),
+ [ss-2015-006](http://www.silverstripe.org/software/download/security-releases/ss-2015-006)
+ * 2015-01-22 [7733c43](https://github.com/silverstripe/silverstripe-cms/commit/7733c43) Correctly sanitise Title (Michael Strong) -
+ See announcement [SS-2015-005](http://www.silverstripe.org/software/download/security-releases/ss-2015-005)
+ * 2015-02-05 [70e0d60](https://github.com/silverstripe/sapphire/commit/70e0d60) Fix developer output in redirection script (Damian Mooyman) -
+ See announcement [SS-2015-001](http://www.silverstripe.org/software/download/security-releases/ss-2015-001)
+
+### Features and Enhancements
+
+ * 2015-01-22 [2e4bf9a](https://github.com/silverstripe/sapphire/commit/2e4bf9a) Update sake to reference new docs (Cam Findlay)
+
+### Bugfixes
+
+ * 2015-02-17 [aa77e12](https://github.com/silverstripe/sapphire/commit/aa77e12) Fixed infinity loop when searching _ss_environment (Zauberfish)
+ * 2015-02-12 [047fe3a](https://github.com/silverstripe/sapphire/commit/047fe3a) Include php version in default cache folder name Update CoreTest.php (JorisDebonnet)
+ * 2015-02-08 [a530085](https://github.com/silverstripe/silverstripe-cms/commit/a530085) External redirects shouldnt show in preview pane (Daniel Hensby)
+ * 2015-02-06 [d68435e](https://github.com/silverstripe/sapphire/commit/d68435e) SelectionGroup no longer shows empty FieldLists (Daniel Hensby)
+ * 2015-02-06 [a0f9535](https://github.com/silverstripe/sapphire/commit/a0f9535) issue where empty composite fields created a fieldlist with empty items (Daniel Hensby)
+ * 2015-02-03 [abd1e6b](https://github.com/silverstripe/sapphire/commit/abd1e6b) GridFieldExportButton should honour can method. (Will Rossiter)
+ * 2015-01-22 [eed7093](https://github.com/silverstripe/sapphire/commit/eed7093) dev/build not flushing manifests if site is in a subfolder (Loz Calver)
+ * 2015-01-19 [77ebdc2](https://github.com/silverstripe/sapphire/commit/77ebdc2) DataObject::db returned fields in incorrect order, with incorrect data types (Loz Calver)
+ * 2015-01-15 [32ce85d](https://github.com/silverstripe/sapphire/commit/32ce85d) . Summary fields can't be translated (Elvinas L.)
+ * 2015-01-13 [2e6e8af](https://github.com/silverstripe/sapphire/commit/2e6e8af) insert media trims whitespace - fixes #845 (Emma O'Keefe)
+ * 2015-01-13 [2861e7c](https://github.com/silverstripe/sapphire/commit/2861e7c) insert media trims whitespace fixes #845 (Emma O'Keefe)
+ * 2015-01-09 [ef237f6](https://github.com/silverstripe/sapphire/commit/ef237f6) Expands the CMS' centre-pane when collapsed and it's clicked. (Russell Michell)
+ * 2014-10-24 [9d78eb7](https://github.com/silverstripe/sapphire/commit/9d78eb7) Fix BasicAuth not resetting failed login counts on authentication (Damian Mooyman)
+ * 2014-10-16 [e4ddb4b](https://github.com/silverstripe/sapphire/commit/e4ddb4b) Ensure query string in X-Backurl is encoded (fixes #3563) (Loz Calver)
+ * 2014-08-25 [f823831](https://github.com/silverstripe/sapphire/commit/f823831) making minify javascript fail-safe (Igor Nadj)
+ * 2014-04-03 [5180452](https://github.com/silverstripe/sapphire/commit/5180452) Fixed handling of numbers in certain locales. Fixes #2161 (Damian Mooyman)
+
+
+## Changelog
+
+ * [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.1.10)
+ * [cms](https://github.com/silverstripe/silverstripe-cms/releases/tag/3.1.10)
+ * [installer](https://github.com/silverstripe/silverstripe-installer/releases/tag/3.1.10)
+
diff --git a/docs/en/04_Changelogs/3.1.3.md b/docs/en/04_Changelogs/3.1.3.md
new file mode 100644
index 000000000..d43eb42fb
--- /dev/null
+++ b/docs/en/04_Changelogs/3.1.3.md
@@ -0,0 +1,29 @@
+# 3.1.3
+
+## Overview
+
+ * Security: Require ADMIN for ?flush=1&isDev=1 ([SS-2014-001](http://www.silverstripe.org/ss-2014-001-require-admin-for-flush1-and-isdev1))
+ * Security: XSS in third party library (SWFUpload) ([SS-2014-002](http://www.silverstripe.org/ss-2014-002-xss-in-third-party-library-swfupload/))
+ * Security: SiteTree.ExtraMeta allows JavaScript for malicious CMS authors ([SS-2014-003](http://www.silverstripe.org/ss-2014-003-extrameta-allows-javascript-for-malicious-cms-authors-/))
+ * Better loading performance when using multiple `UploadField` instances
+ * Option for `force_js_to_bottom` on `Requirements` class (ignoring inline `