SilverStripe version 3.1.10 stable has been released today, you can get a copy from our downloads section. All users of 3.1.9 and below are strongly advised to upgrade.
What's new in this version
The major changes included in this release are improvements to encoding within the framework and cms, to ensure that any cross site scripting vulnerabilities are closed.
While these vulnerabilities are not minor issues, they can only be exploited by users with CMS access directly, and users with only trusted CMS users should not be at risk of malicious attack.
If you are using composer, upgrading is pretty simple. If you are linking to the 3.1.*-dev branch, you likely already have the update from the main branch, but if not a “composer update” will do the job.
If you are linked to a 3.1.* tag or development branch then update your composer.json as below.
You can create a new web project to try out using our composer web installer
composer create-project silverstripe/installer ./mynewproject 3.1.10