Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

 

Security update releases 3.0.12 and 3.1.11

SilverStripe version 3.1.11 stable has been released today, you can get a copy from our...

Read post

SilverStripe version 3.1.11 stable has been released today, you can get a copy from our downloads section. All users of 3.1.0 and below or 3.1.11-rc1 are strongly advised to upgrade.

What's new in this version

This release includes two major fixes to the CMS and Framework, one being a critical security vulnerability, the other an issue in GridField which affects instances of SilverStripe running on servers with Suhosin enabled.

Details of security issue SS-2015-008 can be found on our security releases page. Sites which use the RestfulServer module, or provides limited CMS access to certain users, may be affected.

This issue has been resolved by adjustment to the behaviour of the SiteTree::canCreate method, some adjustments to SiteConfig, as well as much of the CMS user interface for managing the creation of new pages. In particular if user code overrides the SiteTree::canCreate method, it may be necessary to ensure you read the upgrading notes. Behaviour may change unless any necessary upgrades are not performed.

Upgrading notes can be found here for 3.1.11 and here for 3.0.12.

Upgrading

If you are using composer, upgrading is pretty simple. If you are linking to the 3.1.*-dev branch, you likely already have the update from the main branch, but if not a “composer update” will do the job.

If you are linked to a 3.1.* tag or development branch then update your composer.json as below.

"require": {
"silverstripe/cms": "3.1.11",
"silverstripe/framework": "3.1.11"
}

You can create a new web project to try out using our composer web installer

composer create-project silverstripe/installer ./mynewproject 3.1.11

Please note any issues you discover on our Github issue tracker for FrameworkCMS, or the Installer.

About the author
Damian Mooyman

Damian is a developer who has been stuck into SilverStripe for a few years, and a part of the company for a while too. He’ll be around on github under the handle @tractorcow if you need him.

Post your comment

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments

Like what you have read?

Sign up for our weekly blog digest sent to your inbox.

Subscribe