Skip to content

2.2.23

Choose a tag to compare

@engram-design engram-design released this 09 Jul 12:21

Fixed

  • Fixed missing authorization for integrations/form-settings, which could allow SSRF and exposure of integration credentials.
  • Fixed missing authorization when resuming incomplete submissions via the submit action.
  • Fixed missing authorization for sent-notifications/get-resend-modal-content.
  • Fixed save-submission accepting sensitive parameters from front-end requests.
  • Fixed an XSS vulnerability for importing forms with manipulated form title, handle, or notification name content.
  • Fix SubFieldInterface vs SubfieldInterface references.