# 3.1.0-rc2

## Overview

### Security: Privilege escalation through Group hierarchy setting (SS-2013-003)

See [announcement](http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/)

### Security: Privilege escalation through Group and Member CSV upload (SS-2013-004)

See [announcement](http://www.silverstripe.org/ss-2013-004-privilege-escalation-through-group-and-member-csv-upload/)

### Security: Privilege escalation through APPLY_ROLES assignment (SS-2013-005)

See [announcement](http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/)

## Changelog

### Bugfixes

 * 2013-08-30 [091c096](https://github.com/silverstripe/sapphire/commit/091c096) Disallow permissions assign for APPLY_ROLES (SS-2013-005) (Ingo Schommer)
 * 2013-08-30 [cfa88ad](https://github.com/silverstripe/sapphire/commit/cfa88ad) Privilege escalation through APPLY_ROLES assignment (SS-2013-005) (Ingo Schommer)
 * 2013-08-30 [46556b6](https://github.com/silverstripe/sapphire/commit/46556b6) Privilege escalation through Group and Member CSV upload (SS-2013-004) (Ingo Schommer)
 * 2013-08-30 [68ca47b](https://github.com/silverstripe/sapphire/commit/68ca47b) Privilege escalation through Group hierarchy setting (SS-2013-003) (Ingo Schommer)
 * 2013-08-23 [1461ae9](https://github.com/silverstripe/sapphire/commit/1461ae9) Fix regression in IE no-cache https file downloads. (Mateusz Uzdowski)
 * 2013-08-22 [45c1d2b](https://github.com/silverstripe/sapphire/commit/45c1d2b) webfonts in preview iframe breaking admin fonts (Hamish Friedlander)
 * 2013-08-21 [a2026ad](https://github.com/silverstripe/sapphire/commit/a2026ad) flushing on non-dev when Session::cookie_secure is true (Hamish Friedlander)
 * 2013-08-20 [1c31c09](https://github.com/silverstripe/sapphire/commit/1c31c09) Correct Zend_Locale fallbacks in i18n/DateField/DateTimeField (Ingo Schommer)
 * 2013-08-20 [68d8ec3](https://github.com/silverstripe/sapphire/commit/68d8ec3) Memory leaks in jstree drag & drop (Hamish Friedlander)
 * 2013-08-20 [fda4b91](https://github.com/silverstripe/sapphire/commit/fda4b91) Make sure CurrentXHR is set back to null on completion (Hamish Friedlander)
 * 2013-08-20 [e282f0b](https://github.com/silverstripe/sapphire/commit/e282f0b) Two memory leaks with HtmlEditorField (Hamish Friedlander)
 * 2013-08-19 [4a7aef0](https://github.com/silverstripe/sapphire/commit/4a7aef0) Double slashes in ParameterConfirmationToken (Hamish Friedlander)
 * 2013-08-15 [0ca4969](https://github.com/silverstripe/sapphire/commit/0ca4969) Dont update preview iframe if hidden (Hamish Friedlander)
 * 2013-08-12 [c59305d](https://github.com/silverstripe/sapphire/commit/c59305d) Multiple redraw calls on navigation (Hamish Friedlander)
 * 2013-08-09 [b1664f8](https://github.com/silverstripe/silverstripe-cms/commit/b1664f8) Check for stage and drafts in SiteTree::canView() (Simon Welsh)
 * 2013-08-08 [2fae928](https://github.com/silverstripe/silverstripe-cms/commit/2fae928) ArchiveDate enforcement (Hamish Friedlander)
 * 2013-08-07 [fb67181](https://github.com/silverstripe/sapphire/commit/fb67181) Context menu too long - CSS only (Fixes CMS #811) (Naomi Guyer)
 * 2013-08-07 [71608f0](https://github.com/silverstripe/silverstripe-cms/commit/71608f0) Add SiteTree link tracking as an extension, and apply to SiteTree itself (Hamish Friedlander)