We’re excited to announce the release of Silverstripe CMS 4.13.0. This release is a little different from most minor releases in that it doesn’t include any major new features. Instead, the primary purpose of this release is to give projects a steady launch pad for upgrades to CMS 5, and to have a clear target for future bug and security patch releases.
Along with the usual smattering of bug fixes, this release adds some big improvements to the way developers can handle deprecation warnings. This will facilitate the upgrade process to Silverstripe CMS 5.
There are also some security vulnerability fixes in this release.
Support going forward
This is the last planned minor release of Silverstripe CMS 4. Silverstripe CMS 4 now enters its “bug and security fixes” phase. In practical terms, it means:
- no new features will be added to the CMS 4 compatible versions of supported modules
- for the next year, individual modules in the CMS 4 release line will have patch releases which fix bugs and any security vulnerabilities.
In about a year from now, the 4.x release line will enter “security fixes only” support, in which we’ll stop releasing bug fixes and only release patches which fix high impact security vulnerabilities.
In approximately two years, when we’re releasing CMS 6, the 4.x release line will reach end-of-life, and will not be supported in any form.
Read the Silverstripe CMS major release policy for more details.
Patched security vulnerabilities
Fixing security vulnerabilities is always a priority, and this release is no exception. This release includes patches to address four vulnerabilities that were responsibly disclosed to the Silverstripe CMS Core Committer team. We’re grateful to the community members who helped to identify these issues. See our security releases documentation for information about disclosing security issues.
One of the security vulnerability fixes included in this release is a high severity security issue - however we opted to release the fix for this vulnerability early, and its inclusion in the changelog for this release is for the sake of completeness only. See the blog post about that vulnerability for more information.
Please see the full release changelog for the details of these patched vulnerabilities.
Keen to get your upgrade underway?
Talk to your Digital Agency or Developer about upgrading
Haven’t got a Developer or Agency? No problem! Browse the Silverstripe CMS Developer Network or the Silverstripe Professional Partner Directory and filter by location to find a Silverstripe CMS Developer near you.
Developers, check out our documentation
This release announcement does not cover the full detail of what is included in the release. Be sure to review the full changelog before planning your next site upgrade.