# 3.2.0 (unreleased) ## Overview ### CMS * Moved SS_Report and ReportAdmin out to a separate module. If you're using composer or downloading a release, this module should be included for you. Otherwise, you'll need to include the module yourself (https://github.com/silverstripe-labs/silverstripe-reports) ### Framework * API: Removed URL routing by controller name * Security: The multiple authenticator login page should now be styled manually - i.e. without the default jQuery UI layout. A new template, Security_MultiAuthenticatorLogin.ss is available. * Security: This controller's templates can be customised by overriding the `getTemplate` function. ## Details ### API: Removed URL routing by controller name The auto-routing of controller class names to URL endpoints has been removed (rule: `'$Controller//$Action/$ID/$OtherID': '*'`). This increases clarity in routing since it makes URL entpoints explicit, and thereby simplifies system and security reviews. Please access any custom controllers exclusively through self-defined [routes](/reference/director). For controllers extending `Page_Controller`, simply use the provided page URLs. :::php class MyController extends Controller { static $allowed_actions = array('myaction'); public function myaction($request) { // ... } } Create a new file `mysite/_config/routes.yml` (read more about the [config format](/topics/configuration)). Your controller is now available on `http://yourdomain.com/my-controller-endpoint`, after refreshing the configuration cache through `?flush=all`. :::yaml --- Name: my-routes After: framework/routes#coreroutes --- Director: rules: 'my-controller-endpoint//$Action' : 'MyController' The auto-routing is still in place for unit tests, since its a frequently used feature there. Although we advise against it, you can reinstate the old behaviour through a director rule: :::yaml --- Name: my-routes After: framework/routes#coreroutes --- Director: rules: '$Controller//$Action/$ID/$OtherID': '*'