4.11.0

What's Changed

• [CVE-2022-28803] Block XSS in links and iframes by @GuySartorelli in #10374
• [CVE-2022-25238] Sanitise htmlfields serverside by @emteknetnz in #10375
• CVE-2021-41559 Disable xml entities by @emteknetnz in #10376
• DOCS: Add clearer instructions for prerelease installation by @unclecheese in #10164
• DOC Fix module version details by @emteknetnz in #10165
• DOC Unquote title by @emteknetnz in #10166
• DOC Add section for upgrading to PHPUnit 9.5 by @emteknetnz in #10169
• ENH Use ::create to get DropdownField instance in DBEnum by @lekoala in #10175
• FIX Don't use int width for mysql >= 8.0.17 #9453 by @gurucomkz in #9749
• Fixes various typos with codespell by @lerni in #10177
• Update URL unicode-org.github.io/icu addition #10118 by @lerni in #10176
• FIX Allow custom SELECT to be used for sorting in DataQuery::column() by @GuySartorelli in #10173
• MNT Mention CoreKernel protected variable name fix in the 4.11 changelog by @michalkleiner in #10180
• DOC Close xml tag by @emteknetnz in #10185
• DOCS: Docs for various new graphql features by @unclecheese in #10186
• TestMailer - Add Headers attribute in order for tests to asserts its contents by @ssmarco in #10172
• BUG: Export button performance fix. by @mfendeksilverstripe in #10196
• Fix lazy load height attribute typo by @cjsewell in #10197
• Per request from Paul, removing his name from the list of core committers by @madmatt in #10198
• ENH: adding index to PermissionRoleCode.Code for filtering + sorting by @sunnysideup in #10190
• DOCS Update all occurrences of /app/code/ to /app/src/ for v4 by @Michael-HEIW in #10114
• FIX: Remove limits in removeAll method. by @GuySartorelli in #10020
• BUG subTemplates should be an array by @wilr in #9989
• ENH Speed up DataObject::get_by_id by checking if there is an ID at all by @sunnysideup in #10163
• MINOR: add filterable and sortable field indexes by @sunnysideup in #10189
• Fix i18nTextCollector merge does not work with vendor modules by @bimthebam in #9720
• BUG: Datetime now() should be immutable by @mfendeksilverstripe in #10125
• Move hasEmptySchema and emptyString to DataSchema on SingleSelectField by @brettt89 in #9894
• Docs: DBComposite reword to make a little more sense. by @LiamKearn in #10193
• Remove italics in headings by @edwilde in #10205
• MNT Refactor out missing assertArraySubset by @emteknetnz in #10208
• DOCS: Bulk loader graphql docs by @unclecheese in #10203
• DOCS: Documenting the capability of 'envorconstant' to be checked against specific values by @patricknelson in #10079
• Add admin_email config recommendation to 4.9.0 upgrade by @andrewandante in #10212
• ENH Provide hook for updating absoluteBaseURL by @GuySartorelli in #10168
• DOCS Change "SilverStripe" to "Silverstripe" in readme by @GuySartorelli in #10206
• ENH Make all GridField components injectable (using abstract class) by @GuySartorelli in #10204
• Injector syntax docs update by @blueo in #10221
• V4: Fix documentation for Enum declaration Syntax by @bummzack in #10223
• NEW NullDatabase by @chillu in #10016
• DOC Document how to enable the preview panel for custom DataObjects. by @GuySartorelli in #10124
• NEW: Static validation for relationships. by @mfendeksilverstripe in #9874
• BUGFIX: Fixed issue where an undefined class error would be thrown when getting objects or ids from fixtures by @UndefinedOffset in #10224
• DOC Update old pre-namespaces PHPDoc by @GuySartorelli in #10226
• DOC Clarify which branch to target for third-party dependency changes by @emteknetnz in #10216
• DOC GraphQL src must always be an array. by @maxime-rainville in #10213
• DOC Add Steve to Core Committer list by @maxime-rainville in #10231
• Allow methods to be used for flexible searchable_fields by @tiller1010 in #10199
• ENH Provide ways to modify read-only gridfields globally. by @GuySartorelli in #9996
• API Implement updated Serializable API by @emteknetnz in #10232
• DOCS Fix link to PHPunit docs by @GuySartorelli in #10234
• DOCS Add blurbs about several new features to 4.11 changelog by @GuySartorelli in #10225
• DOC Clarify that Silverstripe CMS does not have a bug bounty program by @maxime-rainville in #10249
• API Extension hook for email default from by @emteknetnz in #10251
• DOCS: Fix file resolver example by @JohannDickson in #10255
• DEP Require guzzlehttp/psr7 ^2 by @emteknetnz in #10254
• Remove waring about typos by @maxime-rainville in #10256
• NEW Get the version for an individual module by @emteknetnz in #10235
• PATCH: hide passwords in error logs by @sunnysideup in #10260
• ENH Faster method for creating injected instances by @emteknetnz in #10265
• DOC Add Matt Peel to core committers by @maxime-rainville in #10266
• NEW Use embed/embed v4 by @emteknetnz in #10244
• ENH Fix deprecation issues for PHP 8.1 compatibility by @emteknetnz in #10273
• ORM is Object-Relational Mapping. by @eduardovinuela in #10240
• DOC Remove reference to GraphQL verbosity by @maxime-rainville in #10279
• added comment to be more specific by @zemiacsik in #10007
• ENH Various fixes for PHP 8.1 compatibility by @emteknetnz in #10275
• WEBP support doc by @maxime-rainville in #10282
• DOCS: address broken code samples by @freezernick in #10286
• DOC: Changelog for Composer 2.2.0 allow-plugins option by @sabina-talipova in #10289
• ENH PHP 8.1 compatibility by @emteknetnz in #10222
• DOC: Fix page not found in Builtin Middlewares by @freezernick in #10290
• FIX Revert adding extension hook by @emteknetnz in #10291
• ENH Various fixes for PHP 8.1 compatibility by @emteknetnz in #10281
• Fix error when posix_getpwuid returns false by @edwilde in #10299
• ENH Use guzzle for oembed by @emteknetnz in #10311
• ENH Allow multiple backtick variables in a single value by @emteknetnz in #10312
• ENH Ensure users are sent emails when passwords are changed by default by @GuySartorelli in #10313
• ENH: Add extension hooks to core emails by @kinglozzer in #10319
• DEP Add guzzle 7 requirement by @emteknetnz in #10324

New Contributors

• @gurucomkz made their first contribution in #9749
• @JohannDickson made their first contribution in #10255
• @eduardovinuela made their first contribution in #10240
• @zemiacsik made their first contribution in #10007
• @freezernick made their first contribution in #10286

Full Changelog: 4.10.8...4.11.0