# 3.3.0

## Upgrading notes

### New permission model for Versioned DataObjects

When adding the `Versioned` extension to dataobjects, typically it's necessary to explicitly declare
permissions on these objects in order to prevent un-published content surfacing to unauthenticated users.

In order to better support this, versioned by default will now deny canView permissions on objects
that are not published.

For more information on how to customise the permission model for versioned dataobjects then please
refer to the [versioned extension documentation](../developer_guides/model/versioning).

### Block ?stage=Stage for unauthenticated users

By default users must now be logged in with CMS access permissions in order to change the viewing
mode of the site frontend using the `?stage` querystring parameter.

This permission can be customised by altering the `Versioned.non_live_permissions`
config by assigning a different set of permissions.
<!--- Changes below this line will be automatically regenerated -->

## Change Log

### Security

 * 2016-02-17 [893e497](https://github.com/silverstripe/silverstripe-framework/commit/893e49703de4aa1855b5364919cbb0826f754fbf) Hostname, IP and Protocol Spoofing through HTTP Headers (Ingo Schommer) - See [ss-2016-003](http://www.silverstripe.org/download/security-releases/ss-2016-003)
 * 2016-02-17 [3398f67](https://github.com/silverstripe/silverstripe-framework/commit/3398f670d881447f8777b567f1ead7c0d8d253f5) Block unauthenticated access to dev/build/defaults (Damian Mooyman) - See [ss-2015-028](http://www.silverstripe.org/download/security-releases/ss-2015-028)
 * 2016-02-17 [56e92f5](https://github.com/silverstripe/silverstripe-framework/commit/56e92f5a32e45849cc9361c8603c31d7010c9d36) Ensure Gridfield actions respect CSRF (Damian Mooyman) - See [ss-2016-002](http://www.silverstripe.org/download/security-releases/ss-2016-002)

### API Changes

 * 2015-12-07 [38e154a](https://github.com/silverstripe/silverstripe-framework/commit/38e154af0aae89a36f4d3906612ea4bbbf726177) Disable get parameter access to site stage mode (Damian Mooyman)
 * 2015-12-02 [5353ac5](https://github.com/silverstripe/silverstripe-cms/commit/5353ac5315703240540c9cde0f5c8eeb5571bc19) Refactor versioned security into core module (Damian Mooyman)
 * 2015-12-02 [6089a7c](https://github.com/silverstripe/silverstripe-framework/commit/6089a7c5bd25d6591deb154f1a34908fa91ac198) Create default security permission model for versioned data objects (Damian Mooyman)
 * 2015-11-26 [6266f90](https://github.com/silverstripe/silverstripe-framework/commit/6266f909e0c098652582af44ea64f031ea9cdcea) Increased Permission.Code db field to 255 characters (Novusvetus)
 * 2015-07-20 [ea9434f](https://github.com/silverstripe/silverstripe-framework/commit/ea9434ffeba8d5fbb1dfe38d76f3fed403a9886e) Lazy load template parser (Loz Calver)

### Features and Enhancements

 * 2015-12-14 [9467ab9](https://github.com/silverstripe/silverstripe-framework/commit/9467ab9a7e717cece3cee1693b16a055b58526ef) Implement unshift() in field list classes (closes #4834) (Loz Calver)
 * 2015-12-01 [f7c270a](https://github.com/silverstripe/silverstripe-framework/commit/f7c270a3bad984910fa84f552dfa8b99324afb16) Use Config for determining Vary header (Marcus Nyeholt)
 * 2015-11-10 [603cacc](https://github.com/silverstripe/silverstripe-framework/commit/603caccb90006b3a0592b129687659571112b9a8) CurrencyField to use Currency.currency_symbol (muskie9)
 * 2015-09-25 [5c04dc5](https://github.com/silverstripe/silverstripe-framework/commit/5c04dc5d673aa11249310bcb6e382db4ee2bff7f) - Added new method to display the number of total items in a paginated list within templates (Marco Kernler)
 * 2015-08-14 [1b57e0c](https://github.com/silverstripe/silverstripe-framework/commit/1b57e0ca5bdb5d80d6f78686669441ad8b2c9420) implement getter and setter usage for response (Stevie Mayhew)

### Bugfixes

 * 2016-02-09 [2ad490c](https://github.com/silverstripe/silverstripe-cms/commit/2ad490c3e2d256d8dcd16398631c114aa2a3370e) Prevent folders deleted on the filesystem from breaking asset interface (Damian Mooyman)
 * 2016-01-22 [f80467a](https://github.com/silverstripe/silverstripe-cms/commit/f80467a74859fba58be835a878ceddbbb4601b42) Don't keep stale treeview data when refreshing Content area (Damian Mooyman)
 * 2016-01-21 [e364fdb](https://github.com/silverstripe/silverstripe-cms/commit/e364fdb794896b5c6b4810d84c0dfac75d80b53b) Fix incorrect "Add Page" button selector (Damian Mooyman)
 * 2016-01-20 [abc5556](https://github.com/silverstripe/silverstripe-cms/commit/abc5556520f891d0e3f5cf3d2c3838a194ac5335) Fix legacy breadcrumbs appearing on page save (Damian Mooyman)
 * 2016-01-20 [df76d78](https://github.com/silverstripe/silverstripe-framework/commit/df76d783fe1f7baaeed67a7c6d63235facd364cd) Fix VersionedTest sometimes failing given certain querystring arguments (Damian Mooyman)
 * 2016-01-20 [7c4e6f4](https://github.com/silverstripe/silverstripe-cms/commit/7c4e6f4b60567268ed879081823598438c90e729) prevent "Home page" being selected when no selection was made (Damian Mooyman)
 * 2016-01-02 [b30d335](https://github.com/silverstripe/silverstripe-cms/commit/b30d33585f4640950dc573b9fa283c0db7b5f14c) Adding context parameter to canCreate-check in getClassDropdown of SiteTree (fixes #1334) (Stephan Bauer)
 * 2016-01-02 [95e96fa](https://github.com/silverstripe/silverstripe-framework/commit/95e96fa2b2d0db9e26f8c716ee3d5e1a26ee09df) jquery.jstree patched to improve drag-and-drop handling (fixes #4881) (Stephan Bauer)
 * 2015-12-22 [706877d](https://github.com/silverstripe/silverstripe-framework/commit/706877d72e6d64fd1093aa538cebad2311cbeca9) Get locale from &lt;html&gt; element for i18n.js (fixes #4854) (Loz Calver)
 * 2015-12-22 [54ae002](https://github.com/silverstripe/silverstripe-cms/commit/54ae002d193d7677ff7a99527b37cbb6faa09343) FIx merge regressions in versioned tests (Damian Mooyman)
 * 2015-12-22 [fce8251](https://github.com/silverstripe/silverstripe-framework/commit/fce82519bd6fcc313677b3687852ce15a3d5d202) Workaround for issues in testing version (Damian Mooyman)
 * 2015-12-17 [36241d5](https://github.com/silverstripe-labs/silverstripe-reports/commit/36241d52a08ebce841f50fff91f3e4f4ac591be4) Fix regressions is SS_Report::canView (Damian Mooyman)
 * 2015-12-15 [cd66917](https://github.com/silverstripe/silverstripe-framework/commit/cd66917a867275f3baf4c07efe2513db1ac92822) Vimeo oEmbed endpoint redirecting to no www (UndefinedOffset)
 * 2015-12-15 [5d0f833](https://github.com/silverstripe-labs/silverstripe-reports/commit/5d0f833a397a2ce937e25b6a7c0350fdabdac63c) SS_Report canView should check permissions (Christopher Darling)
 * 2015-12-09 [fa0160a](https://github.com/silverstripe/silverstripe-framework/commit/fa0160a874c536528d8300e034a7aa8bb6e23989) Fix regression in canViewStage (Damian Mooyman)
 * 2015-11-24 [15ae37c](https://github.com/silverstripe/silverstripe-framework/commit/15ae37cf0351b654b5115183ab5a991c316e17e0) Image_Cached record class name (Jonathon Menz)
 * 2015-10-31 [275ecfd](https://github.com/silverstripe/silverstripe-framework/commit/275ecfd8a95d4f7a025bb5025bb8d729a0e9eb70) Use `Object-&gt;hasMethod()` instead of `method_exists()` (madmatt)
 * 2015-10-07 [71defe7](https://github.com/silverstripe/silverstripe-siteconfig/commit/71defe79b3e4fe7343f892ddf3aa8654725202c4) for #5 to facilitate validation on SiteConfig via DataExtension's. (Patrick Nelson)
 * 2015-10-06 [a71d99c](https://github.com/silverstripe/silverstripe-framework/commit/a71d99cf8445a906ccd9b13242d36ae1e6a75d74) for #4663 ensuring return values from TabSet are retained from parent. Removing useless override. Cleaning up documentation in TabSet and return types. (Patrick Nelson)
 * 2015-10-05 [12c4239](https://github.com/silverstripe/silverstripe-framework/commit/12c423909f721c6f5223007ad5e7ba6c162d63a4) (partial) for #3181 where non-submit buttons are being activated on "enter" key press (relates to CMS issue at https://github.com/silverstripe/silverstripe-cms/issues/1288). (Patrick Nelson)
 * 2015-10-05 [332e490](https://github.com/silverstripe/silverstripe-cms/commit/332e4901478bf76705c7175e4af10b91d4c3b30f) (partial) for #1288 where non-submit buttons are being activated on "enter" key press (relates to framework issue at https://github.com/silverstripe/silverstripe-framework/issues/3181). (Patrick Nelson)
 * 2015-10-05 [4a70ffe](https://github.com/silverstripe/silverstripe-framework/commit/4a70ffea0687c8c83b6210856e4c10f5aff0a883) Typo in cur methods PHPDoc (Corey Sewell)
 * 2015-09-29 [5224fc4](https://github.com/silverstripe/silverstripe-framework/commit/5224fc460c6155c4f2253f42d88729b8f31066f6) Permission::checkMember() use of undefined variable $codes (Manuel Teuber)
 * 2015-09-24 [c0be44d](https://github.com/silverstripe/silverstripe-framework/commit/c0be44d238c45853503fe1550fba0460a9a0f05c) fix response regression in initiation of request handler (Stevie Mayhew)
 * 2015-09-17 [c9ba6e5](https://github.com/silverstripe/silverstripe-framework/commit/c9ba6e5d0064bfb09ebdb9e5f7054f8c3179f99a) Fix ClassInfo::table_for_object_field (Damian Mooyman)
 * 2015-09-11 [5cc0878](https://github.com/silverstripe/silverstripe-framework/commit/5cc0878dc1feead47ead82c8f2beca02eefa102b) for #4597: Ensuring GridFieldConfig_RelationEditor is instantiated via Injector, not via "new" keyword. (Patrick Nelson)
 * 2015-09-02 [2ae5d83](https://github.com/silverstripe/silverstripe-framework/commit/2ae5d83f08b994458aa93625e4ec7cb7f258bbae) Resampled images inherit source properties (Jonathon Menz)
 * 2015-08-24 [80ce549](https://github.com/silverstripe/silverstripe-framework/commit/80ce5498d84088f8992de3f979071456e7d71746) disable archived pages from being droppable (Damian Mooyman)
 * 2015-08-21 [b14794b](https://github.com/silverstripe/silverstripe-framework/commit/b14794b780b30d5a6d39df9ed080135ff25045a8) Fix bulk actions making sitetree unclickable (Damian Mooyman)
 * 2015-08-19 [a19fe39](https://github.com/silverstripe/silverstripe-framework/commit/a19fe39301f8a6a2e80e9a9d294c425b8699dc0c) Avoid PHP 5.6 deprecation with access to HTTP_RAW_POST_DATA. Fixed #4511 (Sam Minnee)
 * 2015-07-31 [6a45f4a](https://github.com/silverstripe/silverstripe-framework/commit/6a45f4a1e125b1a75d042e59b38824b24fd3cd0f) fix mismatched quotes (Damian Mooyman)
 * 2015-06-15 [ca039e1](https://github.com/silverstripe/silverstripe-framework/commit/ca039e15ef7306d7b56d64d93892d2fb6173fcf7) Fix regressions in changes to batch action feature (David Craig)
 * 2015-06-11 [8a4c518](https://github.com/silverstripe/silverstripe-framework/commit/8a4c51893b345f7653e77acdd3667bbe61346784) allow for increase_time_limit_to to work if $_increase_time_limit_max is not yet set (Stevie Mayhew)