mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
29 lines
1.6 KiB
Markdown
29 lines
1.6 KiB
Markdown
# 3.1.3-rc1
|
|
|
|
## Overview
|
|
|
|
* Security: Require ADMIN for ?flush=1&isDev=1 ([SS-2014-001](http://www.silverstripe.org/ss-2014-001-require-admin-for-flush1-and-isdev1))
|
|
* Security: XSS in third party library (SWFUpload) ([SS-2014-002](http://www.silverstripe.org/ss-2014-002-xss-in-third-party-library-swfupload/))
|
|
* Security: SiteTree.ExtraMeta allows JavaScript for malicious CMS authors ([SS-2014-003](http://www.silverstripe.org/ss-2014-003-extrameta-allows-javascript-for-malicious-cms-authors-/))
|
|
* Better loading performance when using multiple `UploadField` instances
|
|
* Option for `force_js_to_bottom` on `Requirements` class (ignoring inline `<script>` tags)
|
|
* Added `ListDecorator->filterByCallback()` for more sophisticated filtering
|
|
* New `DataList` filters: `LessThanOrEqualFilter` and `GreaterThanOrEqualFilter`
|
|
* "Cancel" button on "Add Page" form
|
|
* Better code hinting on magic properties (for IDE autocompletion)
|
|
* Increased Behat test coverage (editing HTML content, managing page permissions)
|
|
* Support for PHPUnit 3.8
|
|
|
|
## Upgrading
|
|
|
|
### SiteTree.ExtraMeta allows JavaScript for malicious CMS authors
|
|
|
|
If you have previously used the `SiteTree.ExtraMeta` field for `<head>` markup
|
|
other than its intended use case (`<meta>` and `<link>`), please consult
|
|
[SS-2014-003](http://www.silverstripe.org/ss-2014-003-extrameta-allows-javascript-for-malicious-cms-authors-/).
|
|
|
|
## Changelog
|
|
|
|
* [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.1.3-rc1)
|
|
* [cms](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.1.3-rc1)
|
|
* [installer](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.1.3-rc1) |