Refactor ORM to use prepared statements
This is basically already done & merged into master, but needs stabilising.
For security purposes, we should be using PHP provided APIs rather than escaping values into SQL strings ourselves. We can also take this opportunity to add PDO support.
Release in 3.2.0 https://docs.silverstripe.org/en/3.2/changelogs/3.2.0
Posted about a new flag "awaiting release" in the core dev group. We will use this flag for items of functionally that have been completed and are not yet in a stable release.
Hamish Friedlander commented
We haven't really decided what "completed" means yet. It probably doesn't mean "something's been merged into master". Having chatted with Tractorcow though, he feels it's completed so happy to leave like that.
(Cam's been managing some discussions around flag meanings, I hadn't really realised that wasn't shared with other core devs - will move that discussion to silverstripe-committers.)