Skip to content

3.1.31

Latest

Choose a tag to compare

@engram-design engram-design released this 09 Jul 12:26

Fixed

  • Fixed a security vulnerability in the locutus dependency (CVE-2026-25521, CVE-2026-33994). (#2876)
  • Fixed required Payment fields being validated and processed on intermediate multi-page form submissions. (#2873)
  • Fixed a validation error being raised for conditionally-hidden sub-fields in a Repeater when the same field was visible in another row. (#2874)
  • Fixed conditionally-hidden fields inside a Repeater not being revealed when they have a validation error on Ajax forms with a Stripe payment field. (#2875)
  • Fixed missing authorization for integrations/form-settings, which could allow SSRF and exposure of integration credentials.
  • Fixed missing authorization when resuming incomplete submissions via the submit action.
  • Fixed missing authorization for sent-notifications/get-resend-modal-content.
  • Fixed save-submission allowing anonymous submission creation and accepting sensitive parameters from front-end requests.
  • Fixed an XSS vulnerability for importing forms with manipulated form title, handle, or notification name content.
  • Fix migration failure when Typed Link is installed by adding __toString() to Formie fields.
  • Fix required File Upload fields inside Repeaters breaking Stripe payment resubmits..