umbraco · alina-tincas · Jan 10, 2024 · Jan 9, 2024 · Jan 9, 2024 · Jan 9, 2024
diff --git a/10/umbraco-deploy/release-notes.md b/10/umbraco-deploy/release-notes.md
@@ -21,7 +21,7 @@ This section contains the release notes for Umbraco Deploy 4 and 10 including al
 
 <summary>Version 10</summary>
 
-[**10.3.2**](https://github.com/umbraco/Umbraco.Deploy.Issues/issues?q=is%3Aissue+is%3Aclosed+label%3Arelease%2F10.3.2) **(January 9th 2023)**
+[**10.3.2**](https://github.com/umbraco/Umbraco.Deploy.Issues/issues?q=is%3Aissue+is%3Aclosed+label%3Arelease%2F10.3.2) **(January 9th 2024)**
 
 * Fixed issue with transfer of content using language variants [#193](https://github.com/umbraco/Umbraco.Deploy.Issues/issues/193)
 
@@ -185,7 +185,7 @@ This section contains the release notes for Umbraco Deploy 4 and 10 including al
 
 <summary>Version 4</summary>
 
-[**4.9.2**](https://github.com/umbraco/Umbraco.Deploy.Issues/issues?q=is%3Aissue+is%3Aclosed+label%3Arelease%2F4.9.2) **(January 9th 2023)**
+[**4.9.2**](https://github.com/umbraco/Umbraco.Deploy.Issues/issues?q=is%3Aissue+is%3Aclosed+label%3Arelease%2F4.9.2) **(January 9th 2024)**
 
 * Fixed issue with transfer of content using language variants [#193](https://github.com/umbraco/Umbraco.Deploy.Issues/issues/193)
 

diff --git a/10/umbraco-forms/developer/configuration/README.md b/10/umbraco-forms/developer/configuration/README.md
@@ -84,7 +84,9 @@ For illustration purposes, the following structure represents the full set of op
       "DisableRecordIndexing": false,
       "EnableFormsApi": false,
       "EnableRecordingOfIpWithFormSubmission": "true",
-      "UseSemanticFieldsetRendering": false
+      "UseSemanticFieldsetRendering": false,
+      "DisableRelationTracking": false,
+      "TrackRenderedFormsStorageMethod": "TempData"
     },
     "Security": {
       "DisallowedFileUploadExtensions": "config,exe,dll,asp,aspx",
@@ -112,6 +114,9 @@ For illustration purposes, the following structure represents the full set of op
       },
       "RichText": {
         "DataTypeId": "ca90c950-0aff-4e72-b976-a30b1ac57dad"
+      },
+      "TitleAndDescription": {
+        "AllowUnsafeHtmlRendering": true
       }
     }
   }
@@ -375,6 +380,24 @@ Although this semantic markup is preferred, it could be a presentational breakin
 
 In Umbraco 13 this configuration option will be removed and the semantic rendering made the only option.
 
+### DisableRelationTracking
+
+Forms will by default track relations between forms and the content pages they are used on. This allows editors to see where forms are being used in their Umbraco website.
+
+If you would like to disable this feature, you can set the value of this setting to `false`.
+
+## TrackRenderedFormsStorageMethod
+
+Forms tracks the forms rendered on a page in order that the associated scripts can be placed in a different location within the HTML. Usually this is used to [render the scripts](../rendering-scripts.md)) at the bottom of the page.
+
+By default, `TempData` is used as the storage mechanism for this tracking.
+
+This can cause some issues when applying a Content Delivery Network (CDN) to your website, and as such an alternative is available using `HttpContext.Items`.
+
+To switch to this storage mechanism change the value of this setting from the default of `TempData` to `HttpContextItems`.
+
+We expect `HttpContextItems` to be the default option from Forms 14 onwards.
+
 ## Security configuration
 
 ### DisallowedFileUploadExtensions
@@ -457,9 +480,20 @@ This setting defines the domain from which the client-side assets for using the
 
 Valid options are `www.google.com` (the default) or `www.recaptcha.net`. You may want to use the latter for control of which domains are setting cookies on your site. [Read more at the reCAPTCHA documentation](https://developers.google.com/recaptcha/docs/faq#does-recaptcha-use-cookies).
 
-
 ### Rich text field type configuration
 
 #### DataTypeId
 
 Sets the Data Type Guid to use to obtain the configuration for the rich text field type. If the setting is absent, the value of the default rich text Data Type created by Umbraco on a new install is used.
+
+### Title and description field type configuration
+
+#### AllowUnsafeHtmlRendering
+
+When using the "title and description" field type, editors can provide HTML in the "description" field and have that rendered on the website.
+
+As a tightened security measure, you can set this value to `false` which will ensure HTML is no longer rendered.
+
+As some installations may be relying on HTML rendering, to preserve backward compatible behavior the default value of this setting is `true`.
+
+We expect to make the default value of this option `false` from Forms 14 onwards.
diff --git a/10/umbraco-forms/developer/rendering-scripts.md b/10/umbraco-forms/developer/rendering-scripts.md
@@ -4,7 +4,11 @@ Forms output some JavaScript which is by default rendered right below the markup
 
 In many cases, you might prefer rendering your scripts at the bottom of the page. For example, before the closing `</body>` tag. This generally improves site performance.
 
-In order to render your scripts where you want, you need to add the following snippet to your template. Make sure you add it below your scripts, right before the closing `</body>` tag:
+In order to render your scripts where you want, you need to add a snippet to your template. Make sure you add it below your scripts, right before the closing `</body>` tag.
+
+By default, Forms uses `TempData` for tracking the forms rendered on a page. The stored values are used when rendering the form scripts and associated data.
+
+The following snippet should be used.
 
 ```csharp
 @using Umbraco.Forms.Web.Extensions;
@@ -20,6 +24,20 @@ In order to render your scripts where you want, you need to add the following sn
 }
 ```
 
+If you have changed the configuration value `TrackRenderedFormsStorageMethod` to use `HttpContext.Items`, the snippet is:
+
+```csharp
+@if (Context.Items.TryGetValue("UmbracoForms", out object? formIdsObject) && formIdsObject is IEnumerable<Guid> formIds)
+{
+    foreach (var formId in formIds)
+    {
+        @await Component.InvokeAsync("RenderFormScripts", new { formId, theme = "default" })
+    }
+}
+```
+
+Read more about this configuration option in the [configuration](./configuration/README.md#TrackRenderedFormsStorageMethod) article.
+
 If you prefer to use a tag helper, that's an option too.
 
 Firstly, in your `_ViewImports.cshtml` file, ensure you have a reference to the Umbraco Forms tag helpers with:
@@ -34,6 +52,8 @@ Then instead of reading from `TempData` and invoking the view component directly
 <umb-forms-render-scripts theme="default" />
 ```
 
+This will use the appropriate storage method that you have configured.
+
 ## Enabling `ExcludeScripts`
 
 If you do not want to render the associated scripts with a Form, you need to explicitly say so. You need to make sure `ExcludeScripts` is checked/enabled, whether you are inserting your Form using a macro or adding it directly in your template.

diff --git a/10/umbraco-forms/release-notes.md b/10/umbraco-forms/release-notes.md
@@ -21,6 +21,20 @@ This section contains the release notes for Umbraco Forms 8 and 10 including all
 
 <summary>Version 10</summary>
 
+[**10.5.3**](https://github.com/umbraco/Umbraco.Forms.Issues/issues?q=is%3Aissue+is%3Aclosed+label%3Arelease%2F10.5.3) **(January 16th 2024)**
+
+* Added configuration value `TitleAndDescription:AllowUnsafeHtmlRendering` to allow tighter security for HTML rendering of text entered in the "Title and description" field type.
+    * See further details on the [configuration page](./developer/configuration/README.md#AllowUnsafeHtmlRendering).
+* Added forms dashboard translation for support of custom dashboards [#1125](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1125).
+* Resolved an issue where a workflow wasn't executed when conditionally based on a checkbox value [#1124](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1124).
+* Added details of the current record (form entry) to the workflow notification [#1042](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1042).
+* Fixed issue with styling of hidden fields in the "bootstrap" theme [#1120](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1120).
+* Rendered dictionary translations of field captions in backoffice entries view [#1131](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1131).
+* Ensured valid format string before rendering validation methods with placeholders [#1132](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1132).
+* Ensured Examine re-index user interface completes when no records are available for indexing [#1137](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1137).
+* Fixed issue where use of a custom field HTML ID attribute prefix breaks conditional logic in multi-page forms [#1138](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1138).
+* Resolved an out of range exception when a condition hides all fields on the final page of a multi-page form.
+
 [**10.5.2**](https://github.com/umbraco/Umbraco.Forms.Issues/issues?q=is%3Aissue+is%3Aclosed+label%3Arelease%2F10.5.2) **(November 14th 2023)**
 
 * Ensured validation pattern's saved for a field are cleared when changing the field type [#1083](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1083).
@@ -305,6 +319,15 @@ This section contains the release notes for Umbraco Forms 8 and 10 including all
 
 <summary>Version 8</summary>
 
+[**8.13.13**](https://github.com/umbraco/Umbraco.Forms.Issues/issues?q=is%3Aissue+is%3Aclosed+label%3Arelease%2F8.13.13) **(January 16th 2024)**
+
+* Back-ported backoffice performance improvements introduced in later versions [#1119](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1119).
+* Fixed permissions issue with use of start folder and group permissions [#1118](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1118)
+* Added configuration value `TitleAndDescriptionAllowUnsafeHtmlRendering` to allow tighter security for HTML rendering of text entered in the "Title and description" field type.
+    * See further details on the [configuration page](./developer/configuration/README.md#AllowUnsafeHtmlRendering).
+* Added forms dashboard translation for support of custom dashboards [#1125](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1125).
+* Resolved an issue where a workflow wasn't executed when conditionally based on a checkbox value [#1124](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1124).
+
 [**8.13.12**](https://github.com/umbraco/Umbraco.Forms.Issues/issues?q=is%3Aissue+is%3Aclosed+label%3Arelease%2F8.13.12) **(November 14th 2023)**
 
 * Ensured validation pattern's saved for a field are cleared when changing the field type [#1083](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1083).

diff --git a/12/umbraco-forms/developer/configuration/README.md b/12/umbraco-forms/developer/configuration/README.md
@@ -85,7 +85,9 @@ For illustration purposes, the following structure represents the full set of op
       "EnableFormsApi": false,
       "EnableRecordingOfIpWithFormSubmission": "true",
       "UseSemanticFieldsetRendering": false,
-      "DisableClientSideValidationDependencyCheck": false
+      "DisableClientSideValidationDependencyCheck": false,
+      "DisableRelationTracking": false,
+      "TrackRenderedFormsStorageMethod": "TempData"
     },
     "Security": {
       "DisallowedFileUploadExtensions": "config,exe,dll,asp,aspx",
@@ -113,6 +115,9 @@ For illustration purposes, the following structure represents the full set of op
       },
       "RichText": {
         "DataTypeId": "ca90c950-0aff-4e72-b976-a30b1ac57dad"
+      },
+      "TitleAndDescription": {
+        "AllowUnsafeHtmlRendering": true
       }
     }
   }
@@ -388,6 +393,24 @@ You can disable this check by setting the value of this configuration key to `tr
 
 If you are rendering your forms dependency scripts using the `async` attribute, you will need to disable this check.
 
+### DisableRelationTracking
+
+Forms will by default track relations between forms and the content pages they are used on. This allows editors to see where forms are being used in their Umbraco website.
+
+If you would like to disable this feature, you can set the value of this setting to `false`.
+
+## TrackRenderedFormsStorageMethod
+
+Forms tracks the forms rendered on a page in order that the associated scripts can be placed in a different location within the HTML. Usually this is used to [render the scripts](../rendering-scripts.md)) at the bottom of the page.
+
+By default, `TempData` is used as the storage mechanism for this tracking.
+
+This can cause some issues when applying a Content Delivery Network (CDN) to your website, and as such an alternative is available using `HttpContext.Items`.
+
+To switch to this storage mechanism change the value of this setting from the default of `TempData` to `HttpContextItems`.
+
+We expect `HttpContextItems` to be the default option from Forms 14 onwards.
+
 ## Security configuration
 
 ### DisallowedFileUploadExtensions
@@ -475,3 +498,15 @@ Valid options are `www.google.com` (the default) or `www.recaptcha.net`. You may
 #### DataTypeId
 
 Sets the Data Type Guid to use to obtain the configuration for the rich text field type. If the setting is absent, the value of the default rich text Data Type created by Umbraco on a new install is used.
+
+### Title and description field type configuration
+
+#### AllowUnsafeHtmlRendering
+
+When using the "title and description" field type, editors can provide HTML in the "description" field and have that rendered on the website.
+
+As a tightened security measure, you can set this value to `false` which will ensure HTML is no longer rendered.
+
+As some installations may be relying on HTML rendering, to preserve backward compatible behavior the default value of this setting is `true`.
+
+We expect to make the default value of this option `false` from Forms 14 onwards.
diff --git a/12/umbraco-forms/developer/rendering-scripts.md b/12/umbraco-forms/developer/rendering-scripts.md
@@ -4,7 +4,11 @@ Forms output some JavaScript which is by default rendered right below the markup
 
 In many cases, you might prefer rendering your scripts at the bottom of the page. For example, before the closing `</body>` tag. This generally improves site performance.
 
-In order to render your scripts where you want, you need to add the following snippet to your template. Make sure you add it below your scripts, right before the closing `</body>` tag:
+In order to render your scripts where you want, you need to add a snippet to your template. Make sure you add it below your scripts, right before the closing `</body>` tag.
+
+By default, Forms uses `TempData` for tracking the forms rendered on a page. The stored values are used when rendering the form scripts and associated data.
+
+The following snippet should be used.
 
 ```csharp
 @using Umbraco.Forms.Web.Extensions;
@@ -20,6 +24,20 @@ In order to render your scripts where you want, you need to add the following sn
 }
 ```
 
+If you have changed the configuration value `TrackRenderedFormsStorageMethod` to use `HttpContext.Items`, the snippet is:
+
+```csharp
+@if (Context.Items.TryGetValue("UmbracoForms", out object? formIdsObject) && formIdsObject is IEnumerable<Guid> formIds)
+{
+    foreach (var formId in formIds)
+    {
+        @await Component.InvokeAsync("RenderFormScripts", new { formId, theme = "default" })
+    }
+}
+```
+
+Read more about this configuration option in the [configuration](./configuration/README.md#TrackRenderedFormsStorageMethod) article.
+
 If you prefer to use a tag helper, that's an option too.
 
 Firstly, in your `_ViewImports.cshtml` file, ensure you have a reference to the Umbraco Forms tag helpers with:
@@ -34,6 +52,8 @@ Then instead of reading from `TempData` and invoking the view component directly
 <umb-forms-render-scripts theme="default" />
 ```
 
+This will use the appropriate storage method that you have configured.
+
 ## Enabling `ExcludeScripts`
 
 If you do not want to render the associated scripts with a Form, you need to explicitly say so. You need to make sure `ExcludeScripts` is checked/enabled, whether you are inserting your Form using a macro or adding it directly in your template.

diff --git a/12/umbraco-forms/release-notes.md b/12/umbraco-forms/release-notes.md
@@ -17,6 +17,22 @@ If you are upgrading to a new major version, you can find information about the
 
 This section contains the release notes for Umbraco Forms 12 including all changes for this version.
 
+#### [**12.2.2**](https://github.com/umbraco/Umbraco.Forms.Issues/issues?q=is%3Aissue+is%3Aclosed+label%3Arelease%2F12.2.2) **(January 16th 2024)**
+
+* Added configuration value `TitleAndDescription:AllowUnsafeHtmlRendering` to allow tighter security for HTML rendering of text entered in the "Title and description" field type.
+    * See further details on the [configuration page](./developer/configuration/README.md#AllowUnsafeHtmlRendering).
+* Ensured valid format string before rendering validation methods with placeholders [#1132](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1132).
+* Ensured the creation of the forms to content relation type is idempotent and created with consistent GUID [#1137](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1137).
+* Ensured Examine re-index user interface completes when no records are available for indexing [#1137](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1137).
+* Fixed issue where use of a custom field HTML ID attribute prefix breaks conditional logic in multi-page forms [#1138](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1138).
+* Added support for record based magic string replacement in the post-submission message [#1133](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1133).
+* Tightens up the null checks when reading form definition JSON for prevalue captions [#1140](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1140).
+* Added configuration value `DisableRelationTracking` to allow relation tracking between forms and content to be disabled.
+    * See further details on the [configuration page](./developer/configuration/README.md#DisableRelationTracking).
+* Added configuration value `TrackRenderedFormsStorageMethod` to allow use of `HttpContext.Items` over `TempData` when tracking rendered forms [#1144](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1144).
+    * See further details on the [configuration page](./developer/configuration/README.md#TrackRenderedFormsStorageMethod) and the [rendering scripts page](./developer//rendering-scripts.md).
+* Resolved an out of range exception when a condition hides all fields on the final page of a multi-page form.
+
 #### [**12.2.1**](https://github.com/umbraco/Umbraco.Forms.Issues/issues?q=is%3Aissue+is%3Aclosed+label%3Arelease%2F12.2.1) **(December 19th 2023)**
 
 * Fixed a regression issue with the use of the `SetFormFieldClass` method [#1127](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1127).

diff --git a/13/umbraco-deploy/release-notes.md b/13/umbraco-deploy/release-notes.md
@@ -17,7 +17,7 @@ If you are upgrading to a new major version you can find the details about the b
 
 This section contains the release notes for Umbraco Deploy 13 including all changes for this version.
 
-#### [**13.0.2**](https://github.com/umbraco/Umbraco.Deploy.Issues/issues?q=is%3Aissue+is%3Aclosed+label%3Arelease%2F13.0.2) **(January 9th 2023)**
+#### [**13.0.2**](https://github.com/umbraco/Umbraco.Deploy.Issues/issues?q=is%3Aissue+is%3Aclosed+label%3Arelease%2F13.0.2) **(January 9th 2024)**
 
 * Fixed issue with transfer of content using language variants [#193](https://github.com/umbraco/Umbraco.Deploy.Issues/issues/193)