From d194aaad4daad2d79db66ec8a24086f7bfa7f7d2 Mon Sep 17 00:00:00 2001 From: Andy Butland Date: Thu, 18 Jul 2024 08:03:02 +0100 Subject: [PATCH 1/2] Added release notes for Forms 14.1.0-rc2 --- 14/umbraco-forms/developer/configuration/README.md | 5 +++++ 14/umbraco-forms/release-notes.md | 9 +++++++++ 2 files changed, 14 insertions(+) diff --git a/14/umbraco-forms/developer/configuration/README.md b/14/umbraco-forms/developer/configuration/README.md index f8ac7bcb136..717d4ded798 100644 --- a/14/umbraco-forms/developer/configuration/README.md +++ b/14/umbraco-forms/developer/configuration/README.md @@ -92,6 +92,7 @@ For illustration purposes, the following structure represents the full set of op }, "Security": { "DisallowedFileUploadExtensions": "config,exe,dll,asp,aspx", + "AllowedFileUploadExtensions": "", "EnableAntiForgeryToken": true, "SavePlainTextPasswords": false, "DisableFileUploadAccessProtection": false, @@ -425,6 +426,10 @@ There are certain file extensions that in almost all cases should never be allow By default, .NET related code files like `.config` and `.aspx` are included in this deny list. You can add or - if you are sure - remove values from this list to meet your needs. +### AllowedFileUploadExtensions + +For further control, an "allow list" of extension can be provided via this setting. If provided, only the extensions entered as a comma separated list here will be accepted in file uploads through forms. + ### EnableAntiForgeryToken This setting needs to be a `true` or `false` value and will enable the ASP.NET Anti Forgery Token and we recommend that you enable this option. Defaults to `true`. diff --git a/14/umbraco-forms/release-notes.md b/14/umbraco-forms/release-notes.md index 68ae2f6d69c..bae56829870 100644 --- a/14/umbraco-forms/release-notes.md +++ b/14/umbraco-forms/release-notes.md @@ -17,6 +17,15 @@ If you are upgrading to a new major version, you can find information about the This section contains the release notes for Umbraco Forms 14 including all changes for this version. +#### [**14.1.0-rc2**](https://github.com/umbraco/Umbraco.Forms.Issues/issues?q=is%3Aissue+is%3Aclosed+label%3Arelease%2F14.1.0) **(July 18th 2024)** + +* Added configuration option `AllowedFileUploadExtensions` to provide an "allow list" of extensions that will be accepted in file uploads via forms [#1252](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1252). + * Read more about this and related settings [here](./developer/configuration/README.md#allowedfileuploadextensions). +* Allowed users without sensitive data permissions to set, but not remove, the sensitive flag on a form field [#1233](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1233). +* Ordered select list of prevalue sources when defining prevalues for a form field. +* Limited the field preview for a field containing prevalues. +* Improved support for editing large, multi-page forms by retaining scroll position between views and adding a "jump to page" option [#1243](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1243). + #### [**14.1.0-rc1**](https://github.com/umbraco/Umbraco.Forms.Issues/issues?q=is%3Aissue+is%3Aclosed+label%3Arelease%2F14.1.0) **(July 9th 2024)** * Added setting option for single and multiple choice fields to allow for vertical or horizontal display [#1218](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1218) From 41bbf1e903048638d2fbf1bbc12a4513587bbe01 Mon Sep 17 00:00:00 2001 From: Andy Butland Date: Thu, 18 Jul 2024 08:08:16 +0100 Subject: [PATCH 2/2] Added additional issue to release notes --- 14/umbraco-forms/release-notes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/14/umbraco-forms/release-notes.md b/14/umbraco-forms/release-notes.md index bae56829870..f41b90832e6 100644 --- a/14/umbraco-forms/release-notes.md +++ b/14/umbraco-forms/release-notes.md @@ -25,6 +25,7 @@ This section contains the release notes for Umbraco Forms 14 including all chang * Ordered select list of prevalue sources when defining prevalues for a form field. * Limited the field preview for a field containing prevalues. * Improved support for editing large, multi-page forms by retaining scroll position between views and adding a "jump to page" option [#1243](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1243). +* Resolved intermittent issues with display of entries list [#1256](https://github.com/umbraco/Umbraco.Forms.Issues/issues/1256). #### [**14.1.0-rc1**](https://github.com/umbraco/Umbraco.Forms.Issues/issues?q=is%3Aissue+is%3Aclosed+label%3Arelease%2F14.1.0) **(July 9th 2024)**