This document contains information for an outdated version (2.3) and may not be maintained any more.
If some of your projects still use this version, consider upgrading as soon as possible.
- Fixed a security issue where pages in draft mode might be visible to unauthenticated users
- Fixed a security issue where users with access to admin/security (but limited privileges) can take over a known administrator account by changing its password
- Allow Apache webserver to customized error pages in HTML, rather than Apache default styling
- Testing harness improvements: More verbose testing output, fixed coverage report generation
- Fixed installer logic for SQLite database drivers
- All unit tests pass on Windows OS/SQL Server
- Over 100 other improvements and bugfixes
Features and Enhancements
-  added the ability to toggle the use draft site setting
-  #5977 Added optional argument to !ClassInfo::getValidSubClasses() and removed harcoded !SiteTree
-  disable basic auth by default, tests run on the assumption it is disabled.
-  Added -v / --verbose option to dev/tests/*, to make it output every single test name before it starts that test.
-  Session::set_cookie_path() and Session::set_cookie_domain() are now possible. This is useful for sharing cookies across all subdomains, for example.
-  make !RestfulService support PUT method.
-  ErrorDocument in default .htaccess so Apache serves default 404 and 500 server error pages
-  #3828 500 server error page is created by default on dev/build
-  New Member records are populated with the currently set default through i18n::set_locale()
-  Restful service returns cached response on http and curl errors
-  #2856 Limiting of relative URLs for Director::forceSSL() using a map of PCRE regular expressions
-  Added argument to SQLQuery->leftJoin()/innerJoin() (#5802, thanks stojg)
-  Full-text search with double quotes returns too many results. ticket #5733. Thanks ktauber.
-  Member->canEdit() returns false if the editing member has lower permissions than the edited member, for example if a member with CMS_ACCESS_!SecurityAdmin permissions tries to edit an ADMIN (fixes #5651)
-  #5873 !DataObjectSet::shift() now performs a proper shift instead of unshift (wrong). Please use !DataObjectSet::unshift($item) if unshifting was intended!
-  Added !DataObjectSet::pop()
-  Member::set_session_regenerate_id() can now be used to disable Member::session_regenerate_id() which can break setting session cookies across all subdomains of a site
-  Fixed column names that were not quoted that broke PostgreSQL
-  Fixed double quotes around column names in Versioned::augmentDatabase()
-  delete orphaned records from versioned tables when updating. #5936
-  Protect !MemberTest from side effects caused by auth_openid and forum modules
-  Respecting field specific locale settings in !DatetimeField and !DateField when validating and saving values (fixes #5931, thanks Tjofras)
-  Disallow addition of members to groups with !MemberTableField->addtogroup() when the editing member doesn't have permissions on the added member
-  Don't suggest members in !SecurityAdmin->autocomplete() that the current user doesn't have rights to edit (fixes #5651)
-  Enforcing canEdit() checks in !ComplexTableField_Popup - making form readonly if the current user can't edit
-  Case insensitive !DateField value navigation (fixes #5990, thanks gw0(
-  Passing $name in !MoneyField->!FieldCurrency() (fixes #5982, thanks andersw)
-  Removing "typography" class from HTMLEditorField container (should just apply to the contained
-  Documentation
-  Check in !TableListField->!HighlightClasses() (fixes #5993, thanks lx)
-  Avoid using ASP-style tags in SSViewer comments, it confuses PHP with asp_tags=ON (fixes #5976, thanks ezero)
-  Warning about install.php existing for root site tree node as well (!SiteConfig form)
-  added missing closing tag
-  Make dev/build not constantly show a changed index because of whitespace between VersionID and Version in the index spec
-  Removed removeDuplicates() call on linked pages !DataObjectSet in !MigrateSiteTreeLinkingTask which is no longer required, as the duplicate results were fixed in !DataObject directly
-  only call next() in iterator validation on initialisation or after reset NOT if current value is invalid
-  repair installer for sqlite
-  repair installer for sqlite
-  neatly quote identifiers
-  return a fail instead of an error
-  Remove whitespace if Surname field set on Member, but not !FirstName
-  Tests for Member::getName() and Member::setName()
-  trim space off end of firstname if surname is not set. #5925
-  CSSContentParser::__construct() now gives a better error if the content could not be parsed. This will mostly happen if tidy isn't present.
-  phpDoc updates for SS_!LogFileWriter and SS_!LogEmailWriter
-  Unit tests for !DataObjectSet::shift(), !DataObjectSet::unshift() and !DataObjectSet::pop()
-  Doc update for Director::forceSSL()
-  Applied patch from walec51 for <% control %> on empty set (#5579) Also added unit tests by ischommer
-  Fix links etc, and remove www. from SS urls
-  Clear out the test database in between each salad scenario.
-  Added tests for File::getURL() and File::getAbsoluteURL()
-  remove SQL table alias keyword AS
-  Fixed tests not working on the web side as redirection to https would occur
-  Fixed !DirectorTest to restore it's REQUEST_URI state to the original one after each test method is run
-  allow $icon to be overridden on !ErrorPages. PATCH via martljn (#5875).
-  Changed unknown web server text
-  Allow checking for a specific IIS version (parameter to !InstallRequirements::isIIS())
-  Removed double up of similar logic in !InstallRequirements
-  Simplified discovery of webserver during install
-  Removed unncessary isset() check
-  Add some documentation to !LeftAndMain_right.js
-  Removed command line functionality from installer which is no longer used
-  Fixed failing test as session being set before logging out and losing BackURL
-  Fixed failing tests because of locale not being set to the default in !SapphireTest::setUp()
-  Translations in CMSMain_left.ss
-  Making "todo" tab title translatable
-  Fixed Director::forceSSL() breaking unit tests because headers were already sent
-  Reverted r108433
-  DirectorTest should not extend from !FunctionalTest (regression from r108428)
-  Add trailing slash to image tag (thanks to mattclegg)
-  Cross-referencing some documentation
-  #5870 Block web requests to silverstripe-cache directory via htaccess !RedirectMatch rule or web.config hiddenSegments functionality if using IIS 7.x
-  Revert "MINOR: Applied patch from walec51 for <% control %> on empty set (#5579) Also added unit tests by ischommer"
-  This was not supposed to be pushed out yet.
-  This reverts commit 9c2aafa414948314236674e31fd756797d695139.
-  Revert "BUGFIX: sort order of widgets is now fixed."
-  This reverts commit 1e7781ba2b8ac30333a20d9a1b0bcb9b4ba5b0b0.
-  Added dev/tests/emptydb to clear out test session databases.
-  Using htmlentities($keywords,ENT_NOQUOTES) instead of proposed solution