silverstripe-framework/docs/en/04_Changelogs/4.5.0.md
Aaron Carlino da6582f593 NEW: Remove web installer, move to separate package (#9231)
* Remove installer

* Remove exposed install files

* Replace Dev/Install classes still in use

* Update changelog

* FIX make the grid field actions consistent to what they look like on pages

Resolves https://github.com/silverstripe/silverstripe-admin/issues/904

* Docs changes
2019-09-11 13:10:25 +12:00

2.7 KiB

4.5.0 (Unreleased)

Overview

Installer UI has been removed

Until now, core releases of SilverStripe would put drop an install.php file in the public root that, when accessed with a browser, would offer an installation UI prompting the user for all the necessary configuration of your project and environment, and validating it before performing the installation.

While this may be an important part of the onboarding experience for newcomers to SilverStripe, it is an unnecessary artefact and potential security risk for the vast majority of developers who install SilverStripe with composer and their own environment files.

The installer UI will continue to live on under the name "installer-wizard" in a separate package, which can be added incrementally to core recipe installation, using composer require silverstripe/installer-wizard. It is no longer a commercially supported module.

Generic login form styling

Login forms in SilverStripe are traditionally embedded in your page template. This often requires style adjustments in your website, for example to cover variations such as error messages and validation feedback. It also complicates more advanced login flows such as multi-factor authentication.

Starting with this release, new installations include the silverstripe/login-forms module. It provides generic styles which look great without any adjustments. You can choose to add your own logo, or customise the templates. The URLs to login functionality have not changed (e.g. Security/login).

Existing SilverStripe websites upgrading to this release can opt in to using login forms via composer:

composer require silverstripe/login-forms

Note that any customisations you might have in Page.ss or Layout/Security.ss no longer apply when this module is installed. If you have customised the login process by adding form fields, or through custom handlers such as SAML or LDAP, you'll need to review those before starting to use the module.

Deprecation

  • PasswordValidator methods minLength, characterStrength, and checkHistoricalPasswords are now deprecated from 4.5.0 onwards (previously 5.0).