# 3.4.2

<!--- Changes below this line will be automatically regenerated -->

## Change Log

### Security

 * 2016-11-11 [4440b88](https://github.com/silverstripe/silverstripe-framework/commit/4440b887304fe80ca77366800457cbc2ac705654) Form@httpSubmission will no longer load submitted data to disabled or readonly fields (Daniel Hensby) - See [ss-2016-010](http://www.silverstripe.org/download/security-releases/ss-2016-010)
 * 2016-11-11 [61e4055](https://github.com/silverstripe/silverstripe-framework/commit/61e4055bdb13e37df6aa0d8edca0bf5d9345dc7e) Cast FormField values as Text to prevent readonly fields embeding rogue HTML (Daniel Hensby) - See [ss-2016-010](http://www.silverstripe.org/download/security-releases/ss-2016-010)
 * 2016-10-27 [17097a4](https://github.com/silverstripe/silverstripe-framework/commit/17097a4d11274b157eadf64f32708acef204d510) Properly escape backURL for template injection (Daniel Hensby) - See [ss-2016-016](http://www.silverstripe.org/download/security-releases/ss-2016-016)
 * 2016-08-02 [62a2421](https://github.com/silverstripe/silverstripe-framework/commit/62a242154ec3508fe9b174a40713c8520ac1684c) value / title escaping in CheckboxSetField and OptionsetField (Damian Mooyman) - See [ss-2016-015](http://www.silverstripe.org/download/security-releases/ss-2016-015)
 * 2016-08-02 [12a6b35](https://github.com/silverstripe/silverstripe-framework/commit/12a6b357e761f09d818fd0013eb2d85014de79a0) value / title escaping in CheckboxSetField and OptionsetField (Damian Mooyman) - See [ss-2016-015](http://www.silverstripe.org/download/security-releases/ss-2016-015)
 * 2016-08-02 [049cdef](https://github.com/silverstripe/silverstripe-framework/commit/049cdefacfd3122d59d5488c1317f999fe8aacc4) value / title escaping in CheckboxSetField and OptionsetField (Damian Mooyman) - See [ss-2016-015](http://www.silverstripe.org/download/security-releases/ss-2016-015)
 * 2016-07-25 [fa7f5af](https://github.com/silverstripe/silverstripe-framework/commit/fa7f5af8618a83c865b11fd6cc981ad9661046e6) Autologin cookies are ignored if autologin is disabled (Daniel Hensby) - See [ss-2016-014](http://www.silverstripe.org/download/security-releases/ss-2016-014)
 * 2016-07-25 [1c7d5de](https://github.com/silverstripe/silverstripe-framework/commit/1c7d5de51bcdf16ebb21c5a0ebe5fe9e31f9a822) Autologin cookies are ignored if autologin is disabled (Daniel Hensby) - See [ss-2016-014](http://www.silverstripe.org/download/security-releases/ss-2016-014)
 * 2016-07-25 [b1f4497](https://github.com/silverstripe/silverstripe-framework/commit/b1f449762b5d11658b11d5036d5ae361a95fd61e) Autologin cookies are ignored if autologin is disabled (Daniel Hensby) - See [ss-2016-014](http://www.silverstripe.org/download/security-releases/ss-2016-014)
 * 2016-07-22 [6817c57](https://github.com/silverstripe/silverstripe-framework/commit/6817c57f64b9eb2b271b81662cd83b074a3daee4) Uncasted member name (Daniel Hensby) - See [ss-2016-013](http://www.silverstripe.org/download/security-releases/ss-2016-013)
 * 2016-07-22 [281b0de](https://github.com/silverstripe/silverstripe-framework/commit/281b0de571fe0ae159ac47891c02acf2214fa619) Uncasted member name (Daniel Hensby) - See [ss-2016-013](http://www.silverstripe.org/download/security-releases/ss-2016-013)
 * 2016-07-22 [83e3302](https://github.com/silverstripe/silverstripe-framework/commit/83e3302c0425d9b0e4fe42e82e3df03379f4dca5) Uncasted member name (Daniel Hensby) - See [ss-2016-013](http://www.silverstripe.org/download/security-releases/ss-2016-013)
 * 2016-07-15 [f85dea2](https://github.com/silverstripe/silverstripe-framework/commit/f85dea2e6d5b303abd43b5e5efc07c66c8d2acf4) Reset `Member::Salt` on password change (Daniel Hensby) - See [ss-2016-008](http://www.silverstripe.org/download/security-releases/ss-2016-008)
 * 2016-07-15 [dc47f7e](https://github.com/silverstripe/silverstripe-framework/commit/dc47f7ec9adf67a3f31887467de5b110e8e5b285) Reset `Member::Salt` on password change (Daniel Hensby) - See [ss-2016-008](http://www.silverstripe.org/download/security-releases/ss-2016-008)
 * 2016-07-15 [298f615](https://github.com/silverstripe/silverstripe-framework/commit/298f61521c55b07e5c898a92264dbe111735a87a) Reset `Member::Salt` on password change (Daniel Hensby) - See [ss-2016-008](http://www.silverstripe.org/download/security-releases/ss-2016-008)
 * 2016-07-14 [6d41db7](https://github.com/silverstripe/silverstripe-framework/commit/6d41db77fa78f473db7bcff389456c980ef4e412) ChangePasswordForm does not check $member-&gt;canLogin before login (Daniel Hensby) - See [ss-2016-011](http://www.silverstripe.org/download/security-releases/ss-2016-011)
 * 2016-07-14 [6606d98](https://github.com/silverstripe/silverstripe-framework/commit/6606d986634f5b5dec16462acaa8d9a513c29fec) ChangePasswordForm does not check $member-&gt;canLogin before login (Daniel Hensby) - See [ss-2016-011](http://www.silverstripe.org/download/security-releases/ss-2016-011)
 * 2016-07-14 [2b30ade](https://github.com/silverstripe/silverstripe-framework/commit/2b30ade44d333a4da4d13b31ffa28d0a34597442) ChangePasswordForm does not check $member-&gt;canLogin before login (Daniel Hensby) - See [ss-2016-011](http://www.silverstripe.org/download/security-releases/ss-2016-011)
 * 2016-07-14 [cff2ea9](https://github.com/silverstripe/silverstripe-reports/commit/cff2ea9a98f592d80083633aef6bd082480281d9) Missing ACL check on ReportAdmin (Daniel Hensby) - See [ss-2016-012](http://www.silverstripe.org/download/security-releases/ss-2016-012)
 * 2016-07-14 [ca526b0](https://github.com/silverstripe/silverstripe-reports/commit/ca526b08c32ffe171368c1f6e456a8bfffa287d7) Missing ACL check on ReportAdmin (Daniel Hensby) - See [ss-2016-012](http://www.silverstripe.org/download/security-releases/ss-2016-012)
 * 2016-07-14 [efa20d2](https://github.com/silverstripe/silverstripe-reports/commit/efa20d2da03f80758cce7fe697c62f7f42fe098a) Missing ACL check on ReportAdmin (Daniel Hensby) - See [ss-2016-012](http://www.silverstripe.org/download/security-releases/ss-2016-012)
 * 2016-07-14 [04b4453](https://github.com/silverstripe/silverstripe-cms/commit/04b4453e041c2520d3658be1585146f79dca09d8) Missing ACL check on ReportAdmin (Daniel Hensby) - See [ss-2016-012](http://www.silverstripe.org/download/security-releases/ss-2016-012)
 * 2016-07-14 [5f73d34](https://github.com/silverstripe/silverstripe-cms/commit/5f73d3454ecbc4850e91a0a3007102f6d4d9b853) Missing ACL check on ReportAdmin (Daniel Hensby) - See [ss-2016-012](http://www.silverstripe.org/download/security-releases/ss-2016-012)
 * 2016-05-03 [3fa84cf](https://github.com/silverstripe/silverstripe-framework/commit/3fa84cf0c64a539d78600c36364817a8e38411d8) Encode user supplied URL for embeding into page (Daniel Hensby) - See [ss-2016-007](http://www.silverstripe.org/download/security-releases/ss-2016-007)

### API Changes

 * 2016-09-05 [c6457c5](https://github.com/silverstripe/silverstripe-framework/commit/c6457c50e970654b43ff009933a80a1a493186fb) Allow has_many fixtures to be declared with array format as well as many_many (#5944) (Damian Mooyman)

### Bugfixes

 * 2016-11-09 [ebae480](https://github.com/silverstripe/silverstripe-framework/commit/ebae480c662032d58a14f44055428b9309563874) Fix regression in aggregate column lookup from #6199 (Damian Mooyman)
 * 2016-11-09 [6bf36fb](https://github.com/silverstripe/silverstripe-framework/commit/6bf36fbd30c9d0e1375430e692b0e50206a0cfcb) Correct return type for Member::currentUser() (Loz Calver)
 * 2016-11-03 [edfe514](https://github.com/silverstripe/silverstripe-framework/commit/edfe514540aae0772f49225f3614ce045ad9e1d4) Ensure that builds use the 3.4 dependencies. (Sam Minnee)
 * 2016-11-03 [135a647](https://github.com/silverstripe/silverstripe-framework/commit/135a64761fac74cc7ac75640551c5a14874ade95) Ensure that builds use the 3.4 dependencies. (Sam Minnee)
 * 2016-10-30 [747bd4c](https://github.com/silverstripe/silverstripe-framework/commit/747bd4cac00383fffea66dea75f7e21e13df7088) filterAny error message now refers to correct method name (Daniel Hensby)
 * 2016-10-22 [bec5adf](https://github.com/silverstripe/silverstripe-framework/commit/bec5adf09b733904a4e8d0aa55bdc337489af533) Versioned sort by ID (Jonathon Menz)
 * 2016-10-19 [b0445f7](https://github.com/silverstripe/silverstripe-framework/commit/b0445f72e4cce324308bb32384d578e43753cd6d) Ambiguous column SQL error (Jonathon Menz)
 * 2016-10-16 [fe81607](https://github.com/silverstripe/silverstripe-framework/commit/fe816076fc5a2b3b1e497b8c51c76430311eea2c) Make simplexml_load_file work on shared php-fpm (Nicola Fontana)
 * 2016-10-11 [7368dec](https://github.com/silverstripe/silverstripe-framework/commit/7368deca8f409c5aba94a6b646d7c0ac4fbd452f) Fix issue with SS_List as datasource for dropdown field (Damian Mooyman)
 * 2016-10-07 [ae83b7b](https://github.com/silverstripe/silverstripe-cms/commit/ae83b7b5ef28df5f5b3f752435f3b36b078f619a) History controller now shows right comparison versions (Daniel Hensby)
 * 2016-10-04 [797be6a](https://github.com/silverstripe/silverstripe-framework/commit/797be6ac82f6938af06c24c99150648ff214f797) Revert natural sort (Jonathon Menz)
 * 2016-10-04 [6dde5ce](https://github.com/silverstripe/silverstripe-framework/commit/6dde5ce5718911d8e405eb590c68036ceaa6e608) Absolute alternate_base_url no longer breaks session cookies (Daniel Hensby)
 * 2016-10-03 [98d95cd](https://github.com/silverstripe/silverstripe-cms/commit/98d95cd70708ae1f15a9bf5c5a661cd66f449f2f) Sort order for duplicated child pages is now retained (Daniel Hensby)
 * 2016-09-29 [ae4108b](https://github.com/silverstripe/silverstripe-framework/commit/ae4108bf00e9503c5748c4129df7e1c3ea8c8b5f) Content-Disposition header breaks in Firefox (#4087) (Anton Smith)
 * 2016-09-19 [32d1856](https://github.com/silverstripe/silverstripe-framework/commit/32d1856d40416438c52b8eb0651814a0fd32c0eb) Debug::caller() will now handle errors from outside function calls (#6029) (Daniel Hensby)
 * 2016-09-19 [d2d770c](https://github.com/silverstripe/silverstripe-framework/commit/d2d770c6fbaeb3ea209853dd44017198a6232c01) Frontend UploadField wouldn't call ssdialog (Cristian Torres)
 * 2016-09-14 [cd8904e](https://github.com/silverstripe/silverstripe-framework/commit/cd8904e0454617b243c8e89c06c694844817f212) ing button destroy bug (3Dgoo)
 * 2016-09-12 [a14df0b](https://github.com/silverstripe/silverstripe-framework/commit/a14df0bc2d08f953ff7dd6f57899dbf260ab13a5) Force line endings to LF on sake file (Daniel Hensby)
 * 2016-09-06 [e7ecf6c](https://github.com/silverstripe/silverstripe-framework/commit/e7ecf6cf15d4b3d4adaf0a415a5c4f9f2a15a003) Bad strpos call in HTTP::register_etag() (Daniel Hensby)
 * 2016-09-01 [f2ed59e](https://github.com/silverstripe/silverstripe-framework/commit/f2ed59e1851b4506f02994dd4a1f3ffa86938cb9) Empty dmyfields on DateField now validate as true (Daniel Hensby)
 * 2016-08-22 [59be597](https://github.com/silverstripe/silverstripe-cms/commit/59be597004da21064e51c6237fbb451628bebf66) #1052 (Daniel Hensby)
 * 2016-08-22 [4998b80](https://github.com/silverstripe/silverstripe-framework/commit/4998b8044530a83c617194d544b76a98f742386e) ArrayList sorting now caseinsensitive (Daniel Hensby)
 * 2016-08-15 [95c640a](https://github.com/silverstripe/silverstripe-cms/commit/95c640ae6b5620be83d38e8060317554bc0820ed) Fix regression in FormField casting (Damian Mooyman)
 * 2016-08-15 [5ad8157](https://github.com/silverstripe/silverstripe-cms/commit/5ad8157655a5dd581cbc90a95e8588907794a9c9) Fix regression in FormField casting (Damian Mooyman)
 * 2016-08-15 [a6a9cd7](https://github.com/silverstripe/silverstripe-cms/commit/a6a9cd729fd24b19f7b39fdeb867a491489687e0) Fix regression in FormField casting (Damian Mooyman)
 * 2016-08-11 [d4114b3](https://github.com/silverstripe/silverstripe-framework/commit/d4114b3dce73ffaf786af7ce76f2e1c6f1483d47) include related fields on canFilter() check (Jonathon Menz)
 * 2016-08-09 [63fc4db](https://github.com/silverstripe/silverstripe-cms/commit/63fc4dbcaebcc7063f8075681d8b1f09608afe1c) Fix extra border in page settings (Damian Mooyman)
 * 2016-07-28 [56f0b72](https://github.com/silverstripe/silverstripe-framework/commit/56f0b72e8dbf5b7205ae12c80e0f4c9a0614d1a2) ETag header now properly quoted (Daniel Hensby)