SilverStripe Platform Changelog

Table of Contents

New infrastructure versions are automatically rolled out to your stacks. To speed the upgrade process up you can run full deployments yourself once a new release becomes available. Contact the helpdesk if your infrastructure is not upgrading - your stacks may have been pegged to a specific version.

For the list of features and required infrastructure revisions see Platform Features. Some of the features require a stack upgrade.

Version 3

3.18.8 - 4 May 2018

  • Base image updated to latest Debian packages as of 4 May 2018. Key package versions:
    • PHP 5.6.35, PHP 7.1.16, PHP 7.2.4, Apache 2.4.10, nginx 1.10.3

3.18.7 - 3 May 2018

  • Remove unnecessary call to DynamoDB during release scripts.

3.18.6 - 20 April 2018

  • Fix regression introduced in 3.18.5.

3.18.5 - 19 April 2018

  • Fix for an issue where deploying SilverStripe 4.1 to a multi-az stack failed.

3.18.4 - 16 April 2018

  • Base image updated to latest Debian packages as of 13 April 2018. Key package versions:
    • PHP 5.6.35, PHP 7.1.16, PHP 7.2.4, Apache 2.4.10, nginx 1.10.3

3.18.3 - 9 April 2018

  • Allow underscores in headers sent to Apache via nginx

3.18.2 - 20 March 2018

  • Fix long domain names causing deployment failures
  • Remove apache alias /icons showing directory listing

3.18.1 - 23 February 2018

  • Base image updated to latest Debian packages as of 23 February 2018. Key package versions:
    • PHP 5.6.33, PHP 7.1.13, PHP 7.2.2, Apache 2.4.10, nginx 1.10.3

3.18.0 - 22 February 2018

  • Support for public webroot with SilverStripe 4.1
  • Fix for symlink failed during deployment in some cases

3.17.3 - 13 December 2017

  • Added PHP 7.2 support
  • Removed configuration files from automatic backup scripts

3.17.2 - 1 December 2017

  • Fix bug where dev/build was not running on snapshot restore
  • Change default nginx configuration to increase limit for allowed connections and open files

3.17.1 - 15 November 2017

  • SS4 stable release compatibility fixes - this is the minimum required version for SilverStripe 4
  • EFS sync fixes
  • Recommend syntax for cronjobs has been updated to use vhost=<vhost> /usr/local/bin/sushi

3.17.0 - 2 November 2017

  • Base image updated to latest Debian packages as of 2 November 2017. Key package versions:
    • PHP 5.6.32, PHP 7.1.11, Apache 2.4.10, nginx 1.10.3

3.16.0 - 18 October 2017

  • Fixes for wkhtmltopdf not working correctly with https
  • Cleanup of scripts for collecting system metrics

3.15.1 - 6 October 2017

  • Make “setup secrets” fail gracefully for backwards compatibility

3.15.0 - 27 September 2017

  • Fix long domain names causing deployment failures

3.14.0 - 22 September 2017

  • Ensure asset backup errors are correctly logged
  • Fix SS_BASE_URL to be absolute for SilverStripe 4 sites
  • Support for hunspell. Please contact Helpdesk if you would like it enabled
  • Base image updated to latest Debian packages as of 22 September 2017. Key package versions:
    • PHP 5.6.31, PHP 7.1.9, Apache 2.4.10, nginx 1.10.3

3.13.0 - 22 August 2017

  • Support for SilverStripe 4 draft assets
  • Introduce nginx-with-passthrough url_rule
  • Use SilverStripe generated 404 pages for nginx 404 responses
  • Fix bug with installation of additional newrelic package
  • Allow web traffic to .well-known - compliant with rfc 5785
  • Base image updated to latest Debian packages as of 11 August 2017. Key package versions:
    • PHP 5.6.31, PHP 7.1.8, Apache 2.4.10, nginx 1.10.3

3.12.0 - 26 July 2017

  • Support for PHP 7. PHP version can be selected in the .platform.yml file
  • Base image updated to latest Debian packages as of 26 July 2017. Key package versions:
    • PHP 5.6.31, PHP 7.1.7, Apache 2.4.10, nginx 1.10.3

3.11.3 - 11 July 2017

  • Fix regression fix in 3.11.1 not applied consistently

3.11.2 - 10 July 2017

  • Fix deployment of secrets: file secrets not readable, secret variables missing

3.11.1 - 30 June 2017

  • Fix crontask module failing to run due to regression in 3.11.0

3.11.0 - 29 June 2017

  • Support for SilverStripe 4
  • Base image updated to latest Debian packages as of 21 June 2017. Key package versions:
    • debian-jessie: PHP 5.6.30, Apache 2.4.10, nginx 1.10.3
  • Improve full deployment time by around 1-2 minutes

3.10.0 - 31 May 2017

  • Minor bug, performance and security fixes

3.9.4 - 4 May 2017

  • Support for custom hosts file entries. Please contact Helpdesk to discuss custom hosts file entries.

3.9.3 - 25 April 2017

  • Fixed a bootstrapping bug where a race condition would cause release scripts to fatally error.

3.9.2 - 20 April 2017

  • Add retries to curl functions in release scripts to improve reliability.

3.9.1 - 20 March 2017

  • Base image updated to latest Debian packages as of 20 March 2017. Key package versions:
    • debian-jessie: PHP 5.6.30, Apache 2.4.10, nginx 1.10.3
  • Fix bug where Apache would close connection on certain combination of headers.

3.9.0 - 1 March 2017

  • Base image updated to latest Debian packages as of 14 February 2017. Key package versions:
    • debian-jessie: PHP 5.6.30, Apache 2.4.10, nginx 1.9.10
  • Adding _ss_environment.php constants for connecting to elasticsearch
  • Support CMS access feature.

3.7.2 - 10 January 2017

  • Base image updated to latest Debian packages as of 10 January 2017. Key package versions:
    • debian-jessie: PHP 5.6.29, Apache 2.4.10, nginx 1.9.10
  • Introduce unattended upgrade support for daily security updates on operating system packages
  • Fix font file types not being gzipped by the web server
  • Optimise gzip compression for minor performance improvements
  • Fixing email not sending from web servers if a “From” address is missing

3.7.1 - 6 December 2016

3.7.0 - 25 November 2016

  • Add url_rules option to .platform.yml so that stack behaviour can be customised depending on the URL. Supported rules are “nginx”, “apache”, and “deny”.
  • Fixed IP appearing incorrectly in Apache logs, and in $_SERVER['REMOTE_ADDR']. True user IP will be reported now.

3.6.9 - 26 October 2016

  • Base image updated to latest Debian packages as of 26 October 2016. Key package versions:
    • debian-jessie: PHP 5.6.27, Apache 2.4.10, nginx 1.9.10
  • Fix for privilege escalation vulnerability Dirty COW (CVE-2016-5195)
  • Updates to Puppet modules used to provision web server software
  • Fix release cleanup script causing deploy rollback failures in some cases

3.6.8 - 10 October 2016

  • Base image updated to latest Debian packages as of 10 October 2016. Key package versions:
    • debian-jessie: PHP 5.6.26, Apache 2.4.10, nginx 1.9.10
  • Remove old monitoring scripts for internally used tools

3.6.7 - 30 September 2016

  • Minor security update for maintenance access

3.6.6 - 26 August 2016

  • Allow access to XML files

3.6.5 - 11 August 2016

  • Fix reliability issues with message handler for code-only deployments, and snapshots

3.6.4 - 5 August 2016

  • Fix some cases of snapshots failing if assets directory doesn’t exist
  • Fix backup causing unnecessary load when there are a lot of assets
  • Fix some cases where first deployment on a virtual stack fails because database wasn’t created

3.6.3 - 29 July 2016

  • Disallow Apache from showing directory indexes
  • Show more information if SSL certificate failed to install during a full deployment
  • Remove old monitoring scripts for internally used tools
  • Base image updated to latest Debian packages as of 29 July 2016. Key package versions:
    • debian-jessie: PHP 5.6.24, Apache 2.4.10, nginx 1.9.10

3.6.2 - 20 July 2016

  • Disable the Proxy header in nginx to prevent malicious redirection of outbound HTTP traffic httpoxy
  • Base image updated to latest Debian packages as of 19 July 2016. Key package versions:
    • debian-jessie: PHP 5.6.23, Apache 2.4.10, nginx 1.9.10

3.6.1 - 14 July 2016

  • Fix svg and js files not being gzipped by nginx

3.6.0 - 11 July 2016

  • Skip dev/build when not needed to speed up autoscaling events
  • Security fix for nginx to restrict access to internal project files

3.5.4 - 1 July 2016

  • Base image updated to latest Debian packages as of 1 July 2016. Key package versions:
    • debian-jessie: PHP 5.6.22, Apache 2.4.10, nginx 1.9.10

3.5.3 - 28 June 2016

  • More efficient lookup when attaching NFS mounts on release
  • Remove cron entries containing no useful information from logs
  • Fix nginx warnings in logs when using a lot of domains
  • Better detection of failed full deployments for customised multi datacentre stacks
  • Fixing some cases where snapshots and code-only deploys fail on instances without having had a full deploy in a long time

3.5.2 - 20 June 2016

  • Fix broken nginx deny rule resulting in some files in the root of the site code being viewable, such as composer.json
  • Base image updated to latest Debian packages as of 20 June 2016. Key package versions:
    • debian-jessie: PHP 5.6.22, Apache 2.4.10, nginx 1.9.10

3.5.1 - 16 June 2016

  • Fix older environments not redirecting www and HTTPS rules properly

3.5.0 - 15 June 2016

3.4.3 - 10 June 2016

  • Fix database credentials not having access to the database in some cases which breaks deployments

3.4.2 - 9 June 2016

  • Fix long stack names breaking deployments

3.4.1 - 8 June 2016

  • Fix hyphenated stack names breaking deployments

3.4.0 - 8 June 2016

  • Better support for Web Application Firewalls (WAF)
  • Support installing files and services by Platform Operations
  • Upgrade nginx 1.6 to 1.9
  • Base image updated to latest Debian packages as of 7 June 2016. Key package versions:
    • debian-jessie: PHP 5.6.20, Apache 2.4.10, nginx 1.9.10

3.3.0 - 20 May 2016

  • Support for additional .platform.yml settings shared_dirs, php_settings, crons, apache
  • Fix for multi datacentre stacks that caused assets to visually disappear after being uploaded via the CMS
  • Fix for nginx that caused pages with large HTML headers to cause an 500 error

3.2.1 - 29 April 2016

  • Fix logs showing incorrect date in Graylog when using a timezone other than Pacific/Auckland
  • Fix rollback failing in some circumstances in code-only deployments
  • Fix log forwarders sometimes timing out too soon and causing Graylog issues
  • Base image updated to latest Debian packages as of 29 April 2016. Key package versions:
    • debian-jessie: PHP 5.6.20, Apache 2.4.10

3.2.0 - 20 April 2016

  • Whitelist support - enables self-service through the Dashboard
  • Fix snapshots failing if site code has overridden database credentials
  • Fix SSL configuration silently failing during deployment if vault not configured for an environment
  • Fix snapshots timing out in some circumstances

3.1.1 - 4 April 2016

  • Isolated database credentials for each virtual environment
  • Fix superfluous “Could not request certificate: getaddrinfo: Name or service not known” log entries in Graylog
  • Base image updated to latest Debian packages as of 4 April 2016. Key package versions:
    • debian-jessie: PHP 5.6.19, Apache 2.4.10

3.1.0 - 30 March 2016

  • SSL termination on all types of stacks (including single AZ and virtual) - enables self-service through the Dashboard
  • Better error recovery for deployments in some edge-case situations (empty history file)
  • Fix base stack deployment log that could be overwritten by virtual stack deployments
  • Added monitoring of inodes
  • Base image updated to latest Debian packages as of 22 March 2016. Key package versions:
    • debian-jessie: PHP 5.6.17, Apache 2.4.10

3.0.6 - 24 February 2016

  • Fix restoring a snapshot to the wrong database when it contains a USE statement

3.0.5 - 18 February 2016

  • Fix “Configuration failed” error in some cases when deploying using Stack Share

3.0.4 - 16 February 2016

  • Fix code-only deployments with “Failed to release… 404” error
  • Fix some cases where NFS fails to mount on deployment
  • Support for Stack Share server logs and metrics
    • A new field virtual_id will now show for Graylog entries that relate to a virtual environment

3.0.3 - 9 February 2016

  • Fix log rotation rules breaking nginx logs

3.0.2 - 3 February 2016

  • Support for Stack Share on solo
  • Cleanup of old releases on deployment to avoid disk space being used up
  • Fix internal script producing bad metrics
  • Base image updated to latest Debian packages as of 3 February 2016. Key package versions:
    • debian-jessie: PHP 5.6.17, Apache 2.4.10

3.0.1 - 1 February 2016

  • Fix internal script producing excessive amount of metrics

Note that upgrading from 2 requires manual intervention. See notes above for more information.

3.0.0 - 1 February 2016

  • Introduces support for Stack Share
  • Removed support for debian-wheezy as the base option, please use debian-jessie instead

Note that upgrading from 2 requires manual intervention. See notes above for more information.

Deprecated Versions

Version 2 - 3 November 2016

2.0.19 - 26 October 2016

  • Base image updated to latest Debian packages as of 26 October 2016. Key package versions:
    • debian-jessie: PHP 5.6.27, Apache 2.4.10, nginx 1.9.10
    • debian-wheezy: PHP 5.4.45, Apache 2.2.22, nginx 1.6.2
  • Fix for privilege escalation vulnerability Dirty COW (CVE-2016-5195)

2.0.18 - 10 October 2016

  • Base image updated to latest Debian packages as of 10 October 2016. Key package versions:
    • debian-jessie: PHP 5.6.26, Apache 2.4.10, nginx 1.9.10
    • debian-wheezy: PHP 5.4.45, Apache 2.2.22, nginx 1.6.2

2.0.17 - 3 October 2016

  • Fix full deployment failures caused by an upstream dependency that was removed

2.0.16 - 29 July 2016

  • Base image updated to latest Debian packages as of 29 July 2016. Key package versions:
    • debian-jessie: PHP 5.6.24, Apache 2.4.10, nginx 1.9.10
    • debian-wheezy: PHP 5.4.45, Apache 2.2.22, nginx 1.6.2

2.0.15 - 20 July 2016

  • Base image updated to latest Debian packages as of 19 July 2016. Key package versions:
    • debian-jessie: PHP 5.6.23, Apache 2.4.10, nginx 1.9.10
    • debian-wheezy: PHP 5.4.45, Apache 2.2.22, nginx 1.6.2

2.0.14 - 1 July 2016

  • Base image updated to latest Debian packages as of 1 July 2016. Key package versions:
    • debian-jessie: PHP 5.6.22, Apache 2.4.10, nginx 1.9.10
    • debian-wheezy: PHP 5.4.45, Apache 2.2.22, nginx 1.6.2

2.0.13 - 28 June 2016

  • More efficient lookup when attaching NFS mounts on release

2.0.12 - 20 June 2016

  • Base image updated to latest Debian packages as of 20 June 2016. Key package versions:
    • debian-jessie: PHP 5.6.22, Apache 2.4.10, nginx 1.9.10
    • debian-wheezy: PHP 5.4.45, Apache 2.2.22, nginx 1.6.2

2.0.11 - 23 May 2016

  • Fix for multi datacentre stacks that caused assets to visually disappear after being uploaded via the CMS

2.0.10 - 29 April 2016

  • Fix logs showing incorrect date in Graylog when using a timezone other than Pacific/Auckland
  • Fix log forwarders sometimes timing out too soon and causing Graylog issues
  • Base image updated to latest Debian packages as of 29 April 2016. Key package versions:
    • debian-jessie: PHP 5.6.20, Apache 2.4.10
    • debian-wheezy: PHP 5.4.45, Apache 2.2.22

2.0.9 - 4 April 2016

  • Fix superfluous “Could not request certificate: getaddrinfo: Name or service not known” log entries in Graylog
  • Base image updated to latest Debian packages as of 4 April 2016. Key package versions:
    • debian-jessie: PHP 5.6.19, Apache 2.4.10
    • debian-wheezy: PHP 5.4.45, Apache 2.2.22

2.0.8 - 30 March 2016

  • Base image updated to latest Debian packages as of 22 March 2016. Key package versions:
    • debian-jessie: PHP 5.6.17, Apache 2.4.10
    • debian-wheezy: PHP 5.4.45, Apache 2.2.22

2.0.7 - 16 February 2016

  • Fix some cases where NFS fails to mount on deployment

2.0.6 - 11 February 2016

  • Cleanup of old releases on deployment to avoid disk space being used up

2.0.5 - 9 February 2016

  • Fix log rotation rules breaking nginx logs

2.0.4 - 3 February 2016

  • Base image updated to latest Debian packages as of 3 February 2016. Key package versions:
    • debian-jessie: PHP 5.6.17, Apache 2.4.10
    • debian-wheezy: PHP 5.4.45, Apache 2.2.22

2.0.3 - 1 February 2016

  • Fix internal script producing excessive amount of metrics

2.0.2 - 1 February 2016

  • Fixing backups not working on the new NFS infrastructure

2.0.1 - 27 January 2016

  • Fixing permission issue with mounted shared assets
  • Fixing issue where nginx requests aren’t logged in some circumstances

2.0.0 - 13 January 2016

  • Rearchitected NFS infrastructure which serves assets to web instances. This provides:

    • Improved resiliency and quicker resolution time should an NFS instance fail
    • Improved NFS monitoring to detect problems earlier
    • Ability to increase NFS diskspace

Version 1 - 18 April 2016

1.4.10 - 4 April 2016

  • Fix superfluous “Could not request certificate: getaddrinfo: Name or service not known” log entries in Graylog
  • Base image updated to latest Debian packages as of 4 April 2016. Key package versions:
    • debian-jessie: PHP 5.6.19, Apache 2.4.10
    • debian-wheezy: PHP 5.4.45, Apache 2.2.22

1.4.9 - 30 March 2016

  • Base image updated to latest Debian packages as of 22 March 2016. Key package versions:
    • debian-jessie: PHP 5.6.17, Apache 2.4.10
    • debian-wheezy: PHP 5.4.45, Apache 2.2.22

1.4.8 - 11 February 2016

  • Cleanup of old releases on deployment to avoid disk space being used up

1.4.7 - 9 February 2016

  • Fix log rotation rules breaking nginx logs

1.4.6 - 3 February 2016

  • Base image updated to latest Debian packages as of 3 February 2016. Key package versions:
    • debian-jessie: PHP 5.6.17, Apache 2.4.10
    • debian-wheezy: PHP 5.4.45, Apache 2.2.22

1.4.5 - 1 February 2016

  • Fix internal script producing excessive amount of metrics

1.4.4 - 13 January 2016

  • Improved monitoring for web instance disk space usage on the root filesystem

1.4.3 - 14 December 2015

  • Adding logrotate support for Apache logs
  • Fixing snapshot cleanup not cleaning up all files in some cases

1.4.2 - 30 November 2015

  • Added MSFONTS for use with wkhtmltopdf
  • Concurrent connection throttling now works behind Incapsula and AWS Elastic Load Balancers
  • Static websites can now be deployed to a SSP stack
  • Display better error messages when a dev/build fails during a deploy
  • Only PHP files with the .php suffix will be executed by the apache web server

1.4.1 - 12 November 2015

  • Ensure PHP files in the assets directory are not executable
  • Stack snapshots can be imported to non platform environments with the sspak tool
  • Support for wkhtmltopdf, can be enabled on request

1.4.0 - 9 November 2015

  • Fix dev/build with PHP fatal errors not displayed in the deployments log
  • Base image updated to latest Debian packages as of 4 November 2015. Key package versions:
    • debian-jessie: PHP 5.6.14, Apache 2.4.10
    • debian-wheezy: PHP 5.4.45, Apache 2.2.22

1.3.5 - 3 November 2015

  • Fix snapshot restoring can crash after a code only deploy

1.3.4 - 22 October 2015

  • Fixing error handling and debug output in release scripts

1.3.3 - 20 October 2015

  • Fix code deployment issue when autoscaling events occur
  • Support for us-west-2 region on AWS

1.3.2 - 15 October 2015

  • Fix login not working in us-east-1 region

1.3.1 - 14 October 2015

  • Support for us-east-1 region on AWS
  • Fix for deployments failing when code repository has no SilverStripe code

1.3.0 - 5 October 2015

  • Base image updated to latest Debian packages as of 29 September 2015. Key package versions:
    • debian-jessie: PHP 5.6.13, Apache 2.4.10
    • debian-wheezy: PHP 5.4.45, Apache 2.2.22
  • BUG Fix potential escaping issues in ss_environment.php variables
  • BUG Output more information when dev/build fails during a deployment
  • BUG Fixes to internal Apache monitoring

1.2.2 - 17 September 2015

  • BUG Fixes to internal alerting rules

1.2.1 - 16 September 2015

  • BUG Apache is not monitored correctly using “debian-wheezy” base

1.2.0 - 7 September 2015

Release 1.2 introduces support for the new .platform.yml metadata file which grants development teams control over the infrastructure options for their stack, as well as exposing the upgrades done by Platform Operations. More information can be found in the infrastructure section.

This release also streamlines the Platform Dashboard incorporating some feedback we have received, and integrating the “full” and “fast” deployments into one workflow.

  • NEW Streamline Platform dashboard deployments
  • NEW Introduce .platform.yml.
  • NEW PHP 5.6 support using “debian-jessie” base option in .platform.yml
  • NEW nginx throttling. By default bots are limited to 30 interactive requests/minute per server, everyone else 2 interactive requests/second per IP
  • BUG Fix snapshots failing on solo stacks when encountering lost+found directory.

1.1.6 - 27 August 2015

  • BUG Fixed regression in newrelic extension due to Apache configuration changes

1.1.5 - 26 August 2015

  • BUG Apache worker recycling to fix cases where workers ran out of memory and crashed

1.1.4 - 20 August 2015

  • BUG Improved snapshot functionality to require less space upon creation
  • NEW Added snapshot monitoring to avoid potential failures

1.1.3 - 17 August 2015

  • NEW Improved monitoring of platform components to avoid potential failures

1.1.2 - 12 August 2015

  • BUG Ensure SilverStripe Platform and AWS URLs aren't indexed by search engines
  • NEW Improve web instance health checks

1.1.1 - 6 August 2015

  • BUG Hardened deployments around mounting assets

1.1.0 - 3 August 2015

This includes new features such as a complete revamp of deployments into the new SilverStripe Platform dashboard which now provides an easy-to-use interface and responsive design.

The new dashboard brings faster deployments (up to 90% faster), access to your web server logs, asset & database snapshots and improved deployment stability.

  • NEW Deployment performance improvements (up to 90% faster)
  • NEW SilverStripe Platform dashboard
  • NEW Asset & Database snapshots
  • NEW Ability to access web server logs
  • NEW Centralised login