SilverStripe is an open source content management application and PHP development framework. Initially released in 2000, and open source since 2006, SilverStripe has received numerous industry awards including Best Open Source Project in the 2010 New Zealand Open Source Awards.
7 September - 75MB
Security
- 2016-08-02 b0ba201 Fix value / title escaping in CheckboxSetField and OptionsetField (Damian Mooyman) - See ss-2016-015
- 2016-07-25 d1163d8 Autologin cookies are ignored if autologin is disabled (Daniel Hensby) - See ss-2016-014
- 2016-07-22 8bbf1ca Uncasted member name (Daniel Hensby) - See ss-2016-013
- 2016-07-15 08384bb Reset Member::Salt on password change (Daniel Hensby) - See ss-2016-008
- 2016-07-14 782c18f ChangePasswordForm does not check $member->canLogin before login (Daniel Hensby) - See ss-2016-011
- 2016-07-14 c1525c8 Missing ACL check on ReportAdmin (Daniel Hensby) - See ss-2016-012
- 2016-05-03 41be95c Encode user supplied URL for embedding into page (Daniel Hensby) - See ss-2016-007
- 2016-08-15 ac26816 Fix regression in url concatenation #4967 (Damian Mooyman)
- 2016-08-15 ef85618 Fix regression in FormField casting (Damian Mooyman)
- 2016-08-02 af3412a fix to grid field loading wrong current page id when using multiple tabs (John Milmine)
- 2016-08-02 cd80d50 Fix unset config options returning isset() = true (Damian Mooyman)
- 2016-08-01 7d0b8e6 Fix permission checking code not correctly handling escaped SQL identifiers (Damian Mooyman)
- 2016-07-28 6c37532 Gridfield delete action back link (#5848) (Jono Menz)
- 2016-07-28 c965133 Direct edit file by URL (Jonathon Menz)
- 2016-07-25 3306deb Fix link concatenation in SilverStripeNavigator (#1560) (Damian Mooyman)
- 2016-07-25 9c7c7f6 Fix regression in missing require_js from #4259 (Damian Mooyman)
- 2016-07-22 82e5431 do not show HiddenClass pages in allowed children (#1555) (Robbie Averill)
- 2016-07-20 319d6d2 Fix doclink (#5827) (Damian Mooyman)
- 2016-07-19 10e06dc Fixes #1054 By preventing errors in the CMS only. (Russell Michell)
- 2016-07-15 b3fea37 Fixes support for "inline" form actions (fixes #2534) (Loz Calver)
- 2016-07-12 24efc7e Fix sorting ArrayList with sql-like syntax (Damian Mooyman)
- 2016-07-12 8123c43 Fix getAbsoluteLiveLink() concatenation (Damian Mooyman)
- 2016-07-12 87477a1 Fix incorrect url manipulation (Damian Mooyman)
- 2016-07-07 4aa1fc2 Changed form fields that call renderWith in Field() to call parent::Field() instead (#5783) (Ed Chipman)
- 2016-07-07 27cea80 SS_ConfigStaticManifest_Parser failed to handle ::class syntax (fixes #5701) (#5781) (Loz Calver)
- 2016-07-04 0b7dab3 Fix missing icons (Damian Mooyman)
- 2016-07-01 39238d9 falsey attribute values in shortcodes now work (Daniel Hensby)
- 2016-06-30 2cdfe6c Use RAW for DBField template helpers (Daniel Hensby)
- 2016-06-30 b0f237b Use RAW instead of Value for parsing shortcodes (Daniel Hensby)
- 2016-06-13 f0d4951 for #5683: Address security warning in CMS when attempting to access contents (Back-porting fix from PR #5163) (Patrick Nelson)
- 2016-06-08 bf00810 Fix buttonClicked() error (Damian Mooyman)
- 2016-06-06 946495b Regression with (fixes #5656) (Loz Calver)
- 2016-05-31 eba89b9 OldPageRedirector no longer loops infinitely if 404 thrown on existing page (Daniel Hensby)
- 2016-05-31 341f49c Fixed lookup of next closest visible field for focus restoring (fixes #5618) (UndefinedOffset)
- 2016-05-27 f1a0aef fix CMS_ACCESS permission being ignored if in incorrect order in array (Damian Mooyman)
- 2016-05-21 decd7e5 Fix getFinalisedQuery not including all queried columns (Damian Mooyman)
- 2016-05-20 8382685 #5557 Tests with no DB requirements wont create test DB (Daniel Hensby)
- 2016-04-19 43dcde5 Hierarchy was incorrectly unexpanding nodes that had been previously expanded (madmatt)
- 2016-01-22 4bd66b9 for #4909: Ensure RSSFeed_Entry is instantiated using the injector. (Patrick Nelson)
- 2015-04-21 a7100e9 Object::parse_class_spec failed to parse associative arrays (Loz Calver)
Read more: http://docs.silverstripe.org/en/3.4/changelogs/3.4.1
13 June - 75MB
API Changes
- 2016-05-18 c55777c Enable friendly error HTTP code by default for new projects (Damian Mooyman)
- 2016-05-18 757cfae Enable Debug.friendly_error_httpcode to correctly set HTTP status code for errors (Damian Mooyman)
- 2016-05-12 7041c59 Enable requirements to persist between flushes (Damian Mooyman)
- 2016-04-19 43b0052 Remove artifact datalist overrides from UnsavedRelationList (Damian Mooyman)
- 2016-03-07 634e86f Include File.ParentID in fulltext search results (Damian Mooyman)
- 2015-12-13 62f183d before/afterExtend now support parameters passed by reference (Damian Mooyman)
- 2015-11-25 3842971 refactor LeftAndMain_Menu.ss into individually overridable components (Damian Mooyman)
- 2015-08-28 f6fe142 Making ArrayList (and others) more consistent with DataList (Daniel Hensby)
Features and Enhancements
- 2016-03-27 1e7281a Add onBeforeRender() hook to GridField (Loz Calver)
- 2016-03-15 2923787 consistent file icons (Jonathon Menz)
- 2016-02-23 375bbf9 and fix for issue #3186 (Tyler Kidd)
- 2016-02-22 01c8d38 Passing $tmpFile to extension. (Taras Yemtsov)
- 2015-12-22 c9ba0e4 Add ViewableData::setFailover() to refresh detected methods when changing failover (Loz Calver)
- 2016-05-18 62bd26d Fix suppression of display_errors in ErrorControlChain (Damian Mooyman)
- 2016-05-17 8ed25ae Fix DataObject::isChanged() detecting non saveable changes (#5545) (Damian Mooyman)
- 2016-05-17 8947bb0 Fix filtersOnId ignoring WHERE "ID" IN () (#5546) (Damian Mooyman)
- 2016-05-17 829f59e Fix link dialog box layout in CMS (Damian Mooyman)
- 2016-05-16 79d0590 Fix singleton('DBLocale') (Damian Mooyman)
- 2016-05-13 4d1ddf0 Prevent session hijackers from resetting a user password (Damian Mooyman)
- 2016-05-10 3738d88 Empty FROM clause (Daniel Hensby)
- 2016-05-10 d1df67d SQLSelect count methods now cast to int (fixes #5498) (Loz Calver)
- 2016-05-05 cc7a2ae Add framework/admin tests (#118) (Daniel Hensby)
- 2016-05-02 096f30e Fix GridFieldAddExistingAutocompleter (Damian Mooyman)
- 2016-04-28 6934083 for #5410 to help focus errors occurring on tabs within GridField controlled DataObjects (et al). (Patrick Nelson)
- 2016-04-21 fa5b8b8 Fix error when modals are displayed (Damian Mooyman)
- 2016-04-21 b4f466f Correct framework/module dependencies for cms (Damian Mooyman)
- 2016-04-21 ae268ae #5363 Add .JSON option for templates (Robbie Averill)
- 2016-03-29 7907d20 changing all cases of filesize spelling to file size (Tim Kung)
- 2016-03-17 96c586b only output $CleartextPassword if it has a value (Christopher Darling)
- 2016-02-12 a34f17f for #5028: Ensure empty YML configs don't break when merging them in (i.e. make sure it's traversable before foreach'ing over it). (Patrick Nelson)
- 2016-01-26 b1b403c Borders on CMS Actions (Daniel Hensby)
- 2016-01-26 c5fc9dd CMS actions alignment (Daniel Hensby)
- 2016-01-12 a7110be OptionsetField uses aria-required (Torleif West)
- 2016-01-11 122784b OptionsetField input has required #4901 (torleif)
- 2016-01-11 288c8a8 OptionsetField returns valid HTML #4901 (torleif)
- 2016-01-06 bf6337c Changes needed to respond to whitespace changes. (Sam Minnee)
- 2016-01-06 4aa5053 Fixes needed to adapt to whitespace changes. (Sam Minnee)
- 2015-12-22 24660af Parameters passed to includes overwrite all scopes (fixes #2617) (Loz Calver)
- 2015-11-04 fb43e59 Setting hide_ancestor=true causes a random page type to be hidden (Loz Calver)
- 2015-10-07 7a81372 castingHelper failed to find many_many_extraFields data (fixes #4661) (Loz Calver)
- 2015-08-04 e94c0fa extraClass() method to match parent method (Florian Thoma)
- 2014-10-29 61a9b2a GridFieldPaginator now prevents viewing pages with no results (fixes #3192) (Loz Calver)
Read more: http://docs.silverstripe.org/en/3.4/changelogs/3.4.0
18 November 2015 - 75MB
Security
- 2015-11-12 b61d6dc HtmlEditorField_Toolbar#viewfile not whitelisting URLs (Hamish Friedlander) - See ss-2015-027
- 2015-11-11 bc1b289 Fix FormField error messages not being encoded safely (Damian Mooyman) - See ss-2015-026
- 2015-11-09 f290d86 Dont expose class on error (Hamish Friedlander) - See ss-2015-025
- 2015-11-01 4f55b6a XML escape RSSFeed $link parameter (Ingo Schommer) - See ss-2015-022
- 2015-10-28 132e9b3 Fix rewrite hash links XSS (Damian Mooyman) - See ss-2015-021
- 2015-11-10 732e705 Correct behaviour for empty filter array (as per 3.1) (Damian Mooyman)
- 2015-11-09 414ea3d prevent UploadField edit form generation for Folders (Damian Mooyman)
- 2015-11-05 c6c650f Ensure CMSMainTest uses correct siteconfig (Damian Mooyman)
- 2015-11-02 0272e44 Prevent dev/build continually regenerating Number field type (Damian Mooyman)
- 2015-10-30 2813f94 Ensure that filters on any fixed field are scoped to the base data table (Damian Mooyman)
- 2015-10-30 38ca963 Add missing CMSSecurity route (Damian Mooyman)
- 2015-10-29 daa86d3 Fix regression from #4396 in test fixtures (Damian Mooyman)
- 2015-10-28 db16248 Fix broken InlineFormAction (Damian Mooyman)
- 2015-10-27 293d847 for #4712: Dropping in some PHP documentation on return types for dynamically generated image methods. (Patrick Nelson)
- 2015-10-20 b857bdf Fix duplicate files being included in case of flush (Damian Mooyman)
- 2015-10-19 c364158 only use sethasemptydefault if exists. (Cam Findlay)
- 2015-10-08 ff6c0a3 (v3.1) for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)
- 2015-10-08 785f850 for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)
- 2015-10-01 75dc391 for #586 and possible fix for #736 and relates to #2449: Don't perform validation upon deletion, since it isn't necessary. Cleaned up type hint. (Patrick Nelson)
- 2015-09-17 e64d73c Fix ClassInfo::table_for_object_field (Damian Mooyman)
- 2015-08-05 2901664 . FulltextFilter requires table identifiers in match query (Elvinas L.)
- 2015-07-12 f192a6e #4392: Ensure headers are checked first before being clobbered by globally maintained state. Also ensuring tests utilize separate responses for isolation. (Patrick Nelson)
Read more: http://docs.silverstripe.org/en/3.2/changelogs/3.2.1
16 October 2015 - 75MB
Major changes
- Minimum PHP version raised to 5.3.3
- Introduction of new parameterised ORM
- Default support for PDO
- Moved SS_Report and ReportAdmin out to a separate module. If you're using composer or downloading a release, this module should be included for you. Otherwise, you'll need to include the module yourself (https://github.com/silverstripe-labs/silverstripe-reports)
- Moved SiteConfig also out to its own module. This will be included by default if you include the CMS module. (https://github.com/silverstripe/silverstripe-siteconfig)
- Implementation of new "Archive" concept for page removal, which supersedes "delete from draft". Where deletion removed pages only from draft, archiving removes from both draft and live simultaneously.
- Most of the Image manipulation methods have been renamed
- DataList::getRange() removed. Use limit() instead.
- SQLMap removed. Call map() on a DataList or use SS_Map directly instead.
- SQLQuery methods select(), limit(), orderby(), groupby(), having(), from(), leftjoin(), innerjoin(), where() and whereAny() removed. Use set*() and add*() methods instead.
New and changed API
- Implementation of a parameterised query framework eliminating the need to manually escape variables for use in SQL queries. This has been integrated into nearly every level of the database ORM.
- Refactor of database connectivity classes into separate components linked together through dependency injection
- Refactor of SQLQuery into separate objects for each query type: SQLSelect, SQLDelete, SQLUpdate and SQLInsert
- PDO is now a standard connector, and is available for all database interfaces
- DataObject::doValidate() method visibility added to access DataObject::validate externally
- NumericField now uses HTML5 "number" type instead of "text"
- UploadField "Select from files" shows files in all folders by default
- UploadField won't display an overwrite warning unless Upload::replaceFile is true
- HtmlEditorField no longer substitutes for indented text
- ClassInfo::dataClassesFor now returns classes which should have tables, regardless of whether those tables actually exist.
- SS_Filterable, SS_Limitable and SS_Sortable now explicitly extend SS_List
- Convert::html2raw no longer wraps text by default and can decode single quotes.
- Mailer no longer calls xml2raw on email subject lines; subjects must now be passed in as plain text.
- ErrorControlChain now supports reload on exceptions
- FormField::validate now requires an instance of Validator
- API: Removed URL routing by controller name
- Security: The multiple authenticator login page should now be styled manually - i.e. without the default jQuery UI layout. A new template, Security_MultiAuthenticatorLogin.ss is available.
- Security: This controller's templates can be customised by overriding the getTemplatesFor function.
- Deprecation::set_enabled() or SS_DEPRECATION_ENABLED can now be used to enable or disable deprecation notices. Deprecation notices are no longer displayed on test.
- API: Form and FormField ID attributes rewritten.
- SearchForm::getSearchQuery no longer pre-escapes search keywords and must be cast in your template
- Helper function DB::placeholders can be used to generate a comma separated list of placeholders useful for creating "WHERE ... IN (?,...)" SQL fragments
- Implemented Convert::symbol2sql to safely encode database and table names and identifiers. E.g. Convert::symbol2sql('table.column') => '"table"."column"';
- Convert::raw2sql may now quote the escaped value, as well as safely escape it, according to the current database adaptor's preference.
- DB class has been updated and many static methods have been renamed to conform to coding convention.
  - Renamed API: affectedRows -> affected_rows; checkAndRepairTable -> check_and_repair_table; createDatabase -> create_database; createField -> create_field; createTable -> create_table; dontRequireField -> dont_require_field; dontRequireTable -> dont_require_table; fieldList -> field_list; getConn -> get_conn; getGeneratedID -> get_generated_id; isActive -> is_active; requireField -> require_field; requireIndex -> require_index; requireTable -> require_table; setConn -> set_conn; tableList -> table_list.
  - Deprecated API: getConnect (was a placeholder for PDO connection string building code, but is made redundant now that the PDOConnector is fully abstracted).
  - New API: build_sql (hook into new SQL generation code); get_connector (nothing to do with getConnect); get_schema; placeholders; prepared_query.
- SS_Database class has been updated and many functions have been deprecated, or refactored into the various other database classes. Most of the database management functions remain in the database controller, because operations on individual databases (changing, creating, etc.) vary quite a lot from API to API, but schema updates within a database itself are managed by an attached DBSchemaManager.
  - Refactored into DBSchemaManager: createTable; alterTable; renameTable; createField; renameField; fieldList; tableList; hasTable; enumValuesForField; beginSchemaUpdate and endSchemaUpdate (use schemaUpdate with a callback); cancelSchemaUpdate; isSchemaUpdating; doesSchemaNeedUpdating; transCreateTable; transAlterTable; transCreateField; transCreateIndex; transAlterField; transAlterIndex; requireTable; dontRequireTable; requireIndex; hasField; dontRequireField.
  - Refactored into DBQueryBuilder: sqlQueryToString.
  - Deprecated: getConnect (was intended for use with PDO, but was never implemented, and is redundant now that there is a stand-alone PDOConnector); prepStringForDB (use quoteString instead); dropDatabase (use dropSelectedDatabase); createDatabase (use selectDatabase with the second parameter set to true instead); allDatabaseNames (use databaseList instead); currentDatabase (use getSelectedDatabase instead); addslashes (use escapeString instead).
- LogErrorEmailFormatter now better displays SQL queries in errors by respecting line breaks
- Installer has been majorly upgraded to handle the new database configuration options and additional PDO functionality.
- Created SS_DatabaseException to emit database errors. Query information such as SQL and any relevant parameters may be used by error handling user code that catches this exception.
- The SQLConditionGroup interface has been created to represent dynamically evaluated SQL conditions. This may be used to wrap a class that generates a custom SQL clause(s) to be evaluated at the time of execution.
- DataObject constants CHANGE_NONE, CHANGE_STRICT, and CHANGE_VALUE have been created to provide more verbosity to field modification detection. This replaces the use of various magic numbers with the same meaning.
- create_table_options now uses constants as API specific filters rather than strings. This is in order to promote better referencing of elements across the codebase. See FulltextSearchable->enable for example.
- $FromEnd iterator variable now available in templates.
- Support for multiple HtmlEditorConfigs on the same page.
- Object::singleton() method for better type-friendly singleton generation
- New Image methods CropWidth and CropHeight added
- 'Max' versions of Image methods introduced to prevent up-sampling
- Update Image method names in PHP code and templates: SetRatioSize -> Fit; CroppedImage -> Fill; PaddedImage -> Pad; SetSize -> Pad; SetWidth -> ScaleWidth; SetHeight -> ScaleHeight
- Reduced database regeneration chances on subsequent rebuilds after the initial dev/build
- Elimination of various SQL injection vulnerability points
- DataObject::writeComponents() now called correctly during DataObject::write()
- Fixed missing theme declaration in installer
- Fixed incorrect use of non-existing exception classes (e.g. HTTPResponse_exception)
- GridState fixed to distinguish between check for missing values, and creation of nested state values, in order to prevent non-empty values being returned for missing keys. This was breaking DataObject::get_by_id by passing in an object for the ID.
- Fixed order of File fulltext searchable fields to use same order as actual fields. This is required to prevent unnecessary rebuild of MS SQL databases when fulltext searching is enabled.
- In the past, E_RECOVERABLE_ERROR errors were ignored; they now correctly appear as warnings.
Read more: http://docs.silverstripe.org/en/3.2/changelogs/3.2.0
25 September 2013 - 75MB
Overview
- Security: Require ADMIN for ?flush=1 (stop denial of service attacks) (#1692)
- Security: Require ADMIN for ?flush=1 (SS-2013-001)
- Security: Privilege escalation through Group hierarchy setting (SS-2013-003)
- Security: Privilege escalation through Group and Member CSV upload (SS-2013-004)
- Security: Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
- Security: Information disclosure in Versioned.php (SS-2013-006)
Read more: http://doc.silverstripe.org/framework/en/3.0/changelogs/3.0.6
19 February 2013 - 75MB
Overview
- Fixes unpublish and "delete" actions in CMS (regression from $allowed_actions changes in 3.0.4)
- 2013-02-18 16d0c18 Find Form actions in CompositeFields for access checks (Ingo Schommer)
- 2013-02-19 9e7c622 fixed error property $ of object is not a function (roed)
Read more: http://doc.silverstripe.org/framework/en/3.0/changelogs/3.0.5
17 February 2013 - 75MB
3.0.4 provides these security fixes and minor enhancements:
- Security: Undefined or empty $allowed_actions overrides parent definitions (Severity: Important)
- Security: Information leakage through web access on YAML configuration files (Severity: Moderate)
- Security: Information leakage through web access on composer files (Severity: Low)
- Security: Require ADMIN permissions for ?showtemplate=1 (Severity: Low)
- Security: Reflected XSS in custom date/time formats in admin/security (Severity: Low)
- Security: Stored XSS in the "New Group" dialog (Severity: Low)
- Security: Reflected XSS in CMS status messages (Severity: Low)
- API: More restrictive $allowed_actions checks for Controller when used with Extension
- Changed dev/tests/setdb and dev/tests/startsession from session to cookie storage.
Read more: http://doc.silverstripe.org/framework/en/3.0/changelogs/3.0.4
26 November 2012 - 75MB
3.0.3 provides security fixes, bugfixes and a number of minor enhancements since 3.0.2.
Read more: http://doc.silverstripe.org/framework/en/3.0/changelogs/3.0.3
8 November 2012 - 75MB