mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
89 lines
11 KiB
Markdown
89 lines
11 KiB
Markdown
# 3.3.0-beta1
|
||
|
||
## Upgrading notes
|
||
|
||
### New permission model for Versioned DataObjects
|
||
|
||
When adding the `Versioned` extension to dataobjects, typically it's necessary to explicitly declare
|
||
permissions on these objects in order to prevent un-published content surfacing to unauthenticated users.
|
||
|
||
In order to better support this, versioned by default will now deny canView permissions on objects
|
||
that are not published.
|
||
|
||
For more information on how to customise the permission model for versioned dataobjects then please
|
||
refer to the [versioned extension documentation](../../developer_guides/model/versioning).
|
||
|
||
### Block ?stage=Stage for unauthenticated users
|
||
|
||
By default users must now be logged in with CMS access permissions in order to change the viewing
|
||
mode of the site frontend using the `?stage` querystring parameter.
|
||
|
||
This permission can be customised by altering the `Versioned.non_live_permissions`
|
||
config by assigning a different set of permissions.
|
||
|
||
<!--- Changes below this line will be automatically regenerated -->
|
||
|
||
## Change Log
|
||
|
||
### Security
|
||
|
||
* 2015-11-11 [245e0aa](https://github.com/silverstripe/silverstripe-framework/commit/245e0aae2f5f3eb0acba1d198ad8e196bb224462) Fix FormField error messages not being encoded safely (Damian Mooyman) - See [ss-2015-026](http://www.silverstripe.org/download/security-releases/ss-2015-026)
|
||
* 2015-11-09 [53b3bc7](https://github.com/silverstripe/silverstripe-framework/commit/53b3bc707bcccb8f5e5060f85ab1398a0975bba2) Dont expose class on error (Hamish Friedlander) - See [ss-2015-025](http://www.silverstripe.org/download/security-releases/ss-2015-025)
|
||
* 2015-11-01 [ac4342d](https://github.com/silverstripe/silverstripe-framework/commit/ac4342d81d19201bd8d3814f168240db1ac565fe) XML escape RSSFeed $link parameter (Ingo Schommer) - See [ss-2015-022](http://www.silverstripe.org/download/security-releases/ss-2015-022)
|
||
* 2015-10-28 [97f21fd](https://github.com/silverstripe/silverstripe-framework/commit/97f21fddb3c565052f19ee3b35366f48e1e9a36f) Fix rewrite hash links XSS (Damian Mooyman) - See [ss-2015-021](http://www.silverstripe.org/download/security-releases/ss-2015-021)
|
||
|
||
### API Changes
|
||
|
||
* 2015-12-07 [38e154a](https://github.com/silverstripe/silverstripe-framework/commit/38e154af0aae89a36f4d3906612ea4bbbf726177) Disable get parameter access to site stage mode (Damian Mooyman)
|
||
* 2015-12-02 [5353ac5](https://github.com/silverstripe/silverstripe-cms/commit/5353ac5315703240540c9cde0f5c8eeb5571bc19) Refactor versioned security into core module (Damian Mooyman)
|
||
* 2015-12-02 [6089a7c](https://github.com/silverstripe/silverstripe-framework/commit/6089a7c5bd25d6591deb154f1a34908fa91ac198) Create default security permission model for versioned data objects (Damian Mooyman)
|
||
* 2015-11-26 [6266f90](https://github.com/silverstripe/silverstripe-framework/commit/6266f909e0c098652582af44ea64f031ea9cdcea) Increased Permission.Code db field to 255 characters (Novusvetus)
|
||
* 2015-07-20 [ea9434f](https://github.com/silverstripe/silverstripe-framework/commit/ea9434ffeba8d5fbb1dfe38d76f3fed403a9886e) Lazy load template parser (Loz Calver)
|
||
|
||
### Features and Enhancements
|
||
|
||
* 2015-12-14 [9467ab9](https://github.com/silverstripe/silverstripe-framework/commit/9467ab9a7e717cece3cee1693b16a055b58526ef) Implement unshift() in field list classes (closes #4834) (Loz Calver)
|
||
* 2015-12-01 [f7c270a](https://github.com/silverstripe/silverstripe-framework/commit/f7c270a3bad984910fa84f552dfa8b99324afb16) Use Config for determining Vary header (Marcus Nyeholt)
|
||
* 2015-11-10 [603cacc](https://github.com/silverstripe/silverstripe-framework/commit/603caccb90006b3a0592b129687659571112b9a8) CurrencyField to use Currency.currency_symbol (muskie9)
|
||
* 2015-09-25 [5c04dc5](https://github.com/silverstripe/silverstripe-framework/commit/5c04dc5d673aa11249310bcb6e382db4ee2bff7f) - Added new method to display the number of total items in a paginated list within templates (Marco Kernler)
|
||
* 2015-08-14 [1b57e0c](https://github.com/silverstripe/silverstripe-framework/commit/1b57e0ca5bdb5d80d6f78686669441ad8b2c9420) implement getter and setter usage for response (Stevie Mayhew)
|
||
|
||
### Bugfixes
|
||
|
||
* 2015-12-22 [706877d](https://github.com/silverstripe/silverstripe-framework/commit/706877d72e6d64fd1093aa538cebad2311cbeca9) Get locale from <html> element for i18n.js (fixes #4854) (Loz Calver)
|
||
* 2015-12-22 [54ae002](https://github.com/silverstripe/silverstripe-cms/commit/54ae002d193d7677ff7a99527b37cbb6faa09343) FIx merge regressions in versioned tests (Damian Mooyman)
|
||
* 2015-12-22 [fce8251](https://github.com/silverstripe/silverstripe-framework/commit/fce82519bd6fcc313677b3687852ce15a3d5d202) Workaround for issues in testing version (Damian Mooyman)
|
||
* 2015-12-17 [36241d5](https://github.com/silverstripe-labs/silverstripe-reports/commit/36241d52a08ebce841f50fff91f3e4f4ac591be4) Fix regressions is SS_Report::canView (Damian Mooyman)
|
||
* 2015-12-15 [afbb5cf](https://github.com/silverstripe/silverstripe-framework/commit/afbb5cfed4d29aea5868f0f12cd735dc5abe10d3) Vimeo oEmbed endpoint redirecting to no www (UndefinedOffset)
|
||
* 2015-12-15 [cd66917](https://github.com/silverstripe/silverstripe-framework/commit/cd66917a867275f3baf4c07efe2513db1ac92822) Vimeo oEmbed endpoint redirecting to no www (UndefinedOffset)
|
||
* 2015-12-15 [5d0f833](https://github.com/silverstripe-labs/silverstripe-reports/commit/5d0f833a397a2ce937e25b6a7c0350fdabdac63c) SS_Report canView should check permissions (Christopher Darling)
|
||
* 2015-12-14 [d265c9b](https://github.com/silverstripe/silverstripe-framework/commit/d265c9b733ddac27d6df286ce000b09e1c69b986) Allow omitting a value for OptionsetField submissions (fixes #4824) (Loz Calver)
|
||
* 2015-12-11 [5a21b2f](https://github.com/silverstripe/silverstripe-framework/commit/5a21b2fb15ed9c675594f0f990765bd4f97155c7) Guard against users being added to all groups on unsaved Group. (Mateusz Uzdowski)
|
||
* 2015-12-09 [fa0160a](https://github.com/silverstripe/silverstripe-framework/commit/fa0160a874c536528d8300e034a7aa8bb6e23989) Fix regression in canViewStage (Damian Mooyman)
|
||
* 2015-11-27 [94742fa](https://github.com/silverstripe/silverstripe-framework/commit/94742fa3e2efad8f77f4acd1f9d06bf74916c5e6) Revert method visibility regression (Damian Mooyman)
|
||
* 2015-11-24 [15ae37c](https://github.com/silverstripe/silverstripe-framework/commit/15ae37cf0351b654b5115183ab5a991c316e17e0) Image_Cached record class name (Jonathon Menz)
|
||
* 2015-11-17 [68d99be](https://github.com/silverstripe/silverstripe-framework/commit/68d99be24b63a933f041cd80a248a7b7fa8d588c) Hidden errors for composite fields nested inside FieldGroups (fixes #4773) (Loz Calver)
|
||
* 2015-11-17 [97e90b8](https://github.com/silverstripe/silverstripe-cms/commit/97e90b8ebd8078bb60ecea66bdd3761380f93a61) RedirectorPage toggles not working (fixes #1328) (Loz Calver)
|
||
* 2015-11-17 [b624eb9](https://github.com/silverstripe/silverstripe-cms/commit/b624eb98f1d1ff36811a3294ad29b31a50683d60) Setting target for unwritten VirtualPage breaks write (Loz Calver)
|
||
* 2015-11-16 [2983d82](https://github.com/silverstripe/silverstripe-cms/commit/2983d823d1eef293ef11aac9e01336e23ed52b59) Ensure VirtualPage forwards request/response data to virtual controllers (fixes #1329) (Loz Calver)
|
||
* 2015-11-12 [fea1158](https://github.com/silverstripe/silverstripe-framework/commit/fea1158d193ed4d037df94101e3b3f2d24a6ce49) Fix print button only displaying first page (Damian Mooyman)
|
||
* 2015-11-11 [a40812a](https://github.com/silverstripe/silverstripe-framework/commit/a40812ac3320d27f243ef0ed54aa003fc53720b6) Don’t reuse DBConnector (fixes #4735) (Sam Minnee)
|
||
* 2015-11-05 [f577ecb](https://github.com/silverstripe/silverstripe-framework/commit/f577ecb81149d0d09dc846204f17b2153a244b5a) prevent use cache on browser back button (Igor Nadj)
|
||
* 2015-10-31 [275ecfd](https://github.com/silverstripe/silverstripe-framework/commit/275ecfd8a95d4f7a025bb5025bb8d729a0e9eb70) Use `Object->hasMethod()` instead of `method_exists()` (madmatt)
|
||
* 2015-10-07 [71defe7](https://github.com/silverstripe/silverstripe-siteconfig/commit/71defe79b3e4fe7343f892ddf3aa8654725202c4) for #5 to facilitate validation on SiteConfig via DataExtension's. (Patrick Nelson)
|
||
* 2015-10-06 [a71d99c](https://github.com/silverstripe/silverstripe-framework/commit/a71d99cf8445a906ccd9b13242d36ae1e6a75d74) for #4663 ensuring return values from TabSet are retained from parent. Removing useless override. Cleaning up documentation in TabSet and return types. (Patrick Nelson)
|
||
* 2015-10-05 [12c4239](https://github.com/silverstripe/silverstripe-framework/commit/12c423909f721c6f5223007ad5e7ba6c162d63a4) (partial) for #3181 where non-submit buttons are being activated on "enter" key press (relates to CMS issue at https://github.com/silverstripe/silverstripe-cms/issues/1288). (Patrick Nelson)
|
||
* 2015-10-05 [332e490](https://github.com/silverstripe/silverstripe-cms/commit/332e4901478bf76705c7175e4af10b91d4c3b30f) (partial) for #1288 where non-submit buttons are being activated on "enter" key press (relates to framework issue at https://github.com/silverstripe/silverstripe-framework/issues/3181). (Patrick Nelson)
|
||
* 2015-10-05 [4a70ffe](https://github.com/silverstripe/silverstripe-framework/commit/4a70ffea0687c8c83b6210856e4c10f5aff0a883) Typo in cur methods PHPDoc (Corey Sewell)
|
||
* 2015-09-29 [5224fc4](https://github.com/silverstripe/silverstripe-framework/commit/5224fc460c6155c4f2253f42d88729b8f31066f6) Permission::checkMember() use of undefined variable $codes (Manuel Teuber)
|
||
* 2015-09-24 [c0be44d](https://github.com/silverstripe/silverstripe-framework/commit/c0be44d238c45853503fe1550fba0460a9a0f05c) fix response regression in initiation of request handler (Stevie Mayhew)
|
||
* 2015-09-17 [c9ba6e5](https://github.com/silverstripe/silverstripe-framework/commit/c9ba6e5d0064bfb09ebdb9e5f7054f8c3179f99a) Fix ClassInfo::table_for_object_field (Damian Mooyman)
|
||
* 2015-09-11 [5cc0878](https://github.com/silverstripe/silverstripe-framework/commit/5cc0878dc1feead47ead82c8f2beca02eefa102b) for #4597: Ensuring GridFieldConfig_RelationEditor is instantiated via Injector, not via "new" keyword. (Patrick Nelson)
|
||
* 2015-09-02 [2ae5d83](https://github.com/silverstripe/silverstripe-framework/commit/2ae5d83f08b994458aa93625e4ec7cb7f258bbae) Resampled images inherit source properties (Jonathon Menz)
|
||
* 2015-08-24 [80ce549](https://github.com/silverstripe/silverstripe-framework/commit/80ce5498d84088f8992de3f979071456e7d71746) disable archived pages from being droppable (Damian Mooyman)
|
||
* 2015-08-21 [b14794b](https://github.com/silverstripe/silverstripe-framework/commit/b14794b780b30d5a6d39df9ed080135ff25045a8) Fix bulk actions making sitetree unclickable (Damian Mooyman)
|
||
* 2015-08-19 [a19fe39](https://github.com/silverstripe/silverstripe-framework/commit/a19fe39301f8a6a2e80e9a9d294c425b8699dc0c) Avoid PHP 5.6 deprecation with access to HTTP_RAW_POST_DATA. Fixed #4511 (Sam Minnee)
|
||
* 2015-07-31 [6a45f4a](https://github.com/silverstripe/silverstripe-framework/commit/6a45f4a1e125b1a75d042e59b38824b24fd3cd0f) fix mismatched quotes (Damian Mooyman)
|
||
* 2015-06-15 [ca039e1](https://github.com/silverstripe/silverstripe-framework/commit/ca039e15ef7306d7b56d64d93892d2fb6173fcf7) Fix regressions in changes to batch action feature (David Craig)
|
||
* 2015-06-11 [8a4c518](https://github.com/silverstripe/silverstripe-framework/commit/8a4c51893b345f7653e77acdd3667bbe61346784) allow for increase_time_limit_to to work if $_increase_time_limit_max is not yet set (Stevie Mayhew)
|