Releases: umbraco/Umbraco-CMS
Releases · umbraco/Umbraco-CMS
15.3.1
Changes
🔒 Security updates
- Resolved management API vulnerability to path traversal with authenticated users - Advisory GHSA-q62r-8ppj-xvf4
🐛 Bug Fixes
- Localization culture alias case-insensitive check by @leekelleher in #18849
- Context provider should not destroy instance by @nielslyngsoe in #18864
- Revert "Fix: RTE markup props not up to date issue" by @iOvergaard in #18879
Full Changelog: release-15.3.0...release-15.3.1
Contributors
leekelleher, iOvergaard, and nielslyngsoe
Assets 2
14.3.4
Changes
🔒 Security updates
- Resolved management API vulnerability to path traversal with authenticated users - Advisory GHSA-q62r-8ppj-xvf4
Full Changelog: release-14.3.3...release-14.3.4
13.8.0-rc
What's Changed
📦 Dependencies
- build(deps): bump @umbraco-ui/uui from 1.12.2 to 1.13.0 by @iOvergaard in #18830
- Updates dependency on Examine to 3.7 by @AndyButland in #18676
🚀 Backported Features
- Split force for publish descendants into separate options for publish unpublish and re-publish unedited (13) by @AndyButland in #18249
- Reverts UI updates from publish with descendants dialog by @AndyButland in #18647
- Backport
ShowUnroutableContentWarningsto V13 by @kjac in #18479
🐛 Bug Fixes
- HTML encodes the user's name in the invite email by @AndyButland in #18343
- Only filter post retrieval of entities for start nodes if working with entities that support start nodes by @AndyButland in #18287
- Avoid exception when attempting to find member by Id when Id is not an expected Guid or integer, as can be the case with external member providers by @AndyButland in #18320
- Disable webhook firing if disable in configuration (13) by @AndyButland in #18383
- Handle multiline statements in migrations by @AndyButland in #18478
- Remove version from models builder generated code header when configured to do so by @AndyButland in #18501
- Fixed typo in TinyMCE's da.js by @abjerner in #18628
- Introduce publishNotifications method on IMembershipMemberService by @Zeegaan in #18207
- Fix issue text overflow when user name is too long by @NguyenThuyLan in #18653
- Render folders before files in static files picker by @AndyButland in #18701
- Fixes issue with macro rendering in an RTE when GUIDs are used for backoffice document routes by @AndyButland in #18691
- Hotfix sqlserver integration tests by @andr317c in #18744
Full Changelog: release-13.7.2...release-13.8.0-rc
Contributors
iOvergaard, AndyButland, and 5 other contributors
Assets 2
15.3.0
What's Changed Since 15.3.0-rc2
🐛 Bug Fixes
- Hotfix: 18132 (preventing model diff approach) by @nielslyngsoe in #18530
- 15.3: Hotfix: Awaits Open Content Picker by @leekelleher in #18655
- hotfix #18735 by @nielslyngsoe in #18750
What's Changed Since 15.3.0-rc
🔒 Security updates
- Improper API access control allows low-privilege users access to data type functionality - Advisory GHSA-6ffg-mjg7-585x
- Restricted editor user can delete media item or access unauthorized content - Advisory GHSA-wx5h-wqfq-v698
- Updated ImageSharp dependency to patched version following CVE-2025-27598
🐛 Bug Fixes
- v15: Remove duplicate webhook registration by @Zeegaan in #18594
- Fixed issue with slider max validation using default 0 value by @AndyButland in #18616
What's Changed Since The Previous Release (15.2.3)
📦 Dependencies
- Bump @umbraco-cms/backoffice from 15.0.0 to 15.1.2 in /src/Umbraco.Web.UI.Login by @dependabot in #18064
- Bump vite from 5.4.11 to 5.4.14 in /src/Umbraco.Web.UI.Login by @dependabot in #18066
- Bump vite from 5.4.11 to 5.4.14 in /src/Umbraco.Web.UI.Client by @dependabot in #18193
- V15: Bump minimum required Node.js to V22 by @iOvergaard in #18274
- Bump dompurify from 3.2.3 to 3.2.4 in /src/Umbraco.Web.UI.Client by @dependabot in #18360
- Bump dompurify from 3.2.3 to 3.2.4 in /src/Umbraco.Web.UI.Login by @dependabot in #18362
- V15: update npm dependencies for login screen by @iOvergaard in #18373
- V15: Update Backoffice NPM dependencies by @iOvergaard in #18376
🚀 New Features
- Feature: Code Editor modal, adds pretty-print support by @leekelleher in #18123
- Feature: Tiptap: Generic markup support by @leekelleher in #18124
- Bugfix: Content Picker Search - support allowed content types config by @madsrasmussen in #18042
- V15: Show upload progress for dropped files in the Media Library by @iOvergaard in #18148
- V15: Client should validate maxFileSize and allowed/disallowed file types from server configuration by @iOvergaard in #18163
- Feature: workspace info app extension by @madsrasmussen in #18014
- Tiptap RTE: Add CSS support for extensions by @leekelleher in #18075
- V15/feature/notification-whitespace by @iOvergaard in #18190
- V15: Show server configuration when configuring the Upload Field by @iOvergaard in #18185
- Feature: Media Type Create Options by @madsrasmussen in #18196
- V15: Add progress UI to the Upload Field property editor by @iOvergaard in #18188
- Help Header App, popover placement + code tidy-up by @leekelleher in #18329
- Content dashboard, info box drop-shadow by @leekelleher in #18327
- V15: Show duration on time displays by @iOvergaard in #18341
- V15: Add a button to clear schedule by @iOvergaard in #18339
- V15: Save the variant before scheduling by @iOvergaard in #18344
- Tiptap RTE: Cascading Style Select Menu by @leekelleher in #18364
- Feature: Display current variant item name by @madsrasmussen in #18311
- Tiptap RTE: Table extension enhancements by @leekelleher in #18365
- Feature: Data mapping extension + aligning reference lists by @madsrasmussen in #18318
- Feature: Delete/Trash referenced by by @madsrasmussen in #18351
- Feature: Bulk Delete/Trash referenced by by @madsrasmussen in #18393
- Tiptap RTE: Font Family / Font Size toolbar items by @leekelleher in #18443
- V15: Adds validation on date from/to inputs in the schedule modal by @iOvergaard in #18437
- V15: Serverside Media Picker Validation by @nikolajlauridsen in #18429
- Feature: Property Value Preset by @nielslyngsoe in #18423
- Server side validation for property editors (integer, decimal and slider) by @AndyButland in #18428
- Tiptap RTE: configuration localizations by @leekelleher in #18125
- Tiptap RTE: Trailing Node extension by @leekelleher in #18446
- Tiptap RTE: Text Direction extension by @leekelleher in #18459
- Split force for publish descendants into separate options for publish unpublish and re-publish unedited by @AndyButland in #18270
- Warn when content is unroutable by @Zeegaan in #17837
🐛 Bug Fixes
- Allow skipSelect blueprints only when one blueprint exists by @callumbwhyte in #17818
- Health Check items "back to overview" link omits backoffice url segment by @matthewcare in #17828
- Add NoopCurrentMemberClaimsProvider so Umbraco can boot without the Delivery API enabled by @kjac in #18049
- Fix create child issue in list view with infinite editor (#13355). by @mvennevold in #17637
- Replaced deprecated navigator.platform with navigator.userAgent for platform detection. by @manutdkid77 in #17373
- Fix settings value begin indifference (17989) by @nielslyngsoe in #18022
- Feature: make areas optional by @nielslyngsoe in #18057
- Numeric property editor range and misconfiguration validation by @AndyButland in #17991
- 15: Convert pagesize properly to skip and take by @Zeegaan in #18069
- Handles migration case where an expected constraint is renamed but the constraint does not exist by @AndyButland in #18063
- Fix: 17764 by @nielslyngsoe in #18093
- Add clientside validation to webhook events by @kjac in #18089
- Allowed retrieval of current user configuration when accessing user profile as a non-admin user by @AndyButland in #18099
- V15/bugfix/Reset image crop button fix by @jonat123 in #18106
- V15: Add authorization to saves by @nikolajlauridsen in #18111
- Make it possible to reset media picker crops by @kjac in #18110
- Redirect to the published URL when exiting preview by @kjac in #18114
- Fix: stop using redirects in collections by @nielslyngsoe in #18112
- Bugfix: Remove sidebar bottom space by @nielslyngsoe in #18087
- Avoid wasting a whole thread watching for a filesystem change 😬 by @JasonElkin in #18119
- Updated the dialog label for User -> Assign Access -> Media Start nodes by @jonat123 in #18043
- updated the link picker modal and the property editors using it. by @jonat123 in #18059
- Bugfix: Align collection item entity actions with menu item entity actions by @madsrasmussen in #18118
- Refreshed display of check results after all checks are complete by @AndyButland in #18131
- Feature: Clean up validation messages by @nielslyngsoe in #18092
- V15: Media library crashes when uploading large files by @iOvergaard in #18113
- Added a check that we have a route before attempting to include it in the other URLs for a published document by @AndyButland in #18135
- Fix: Mandatory for Image Cropper (17372) by @nielslyngsoe in #18108
- Fix: media picker mandatory validation by @nielslyngsoe in #18109
- V13: remove...
Contributors
leekelleher, mattbrailsford, and 27 other contributors
Assets 2
13.7.2
Changes
🐛 Bug Fixes
- Avoids collection was modified issue when flowing identities to the authenticated user's principal @AndyButland in #18527
Full Changelog: release-13.7.1...release-13.7.2
Contributors
AndyButland
Assets 2
15.2.3
Changes
Security updates
- Improper API access control allows low-privilege users access to data type functionality - Advisory GHSA-6ffg-mjg7-585x
- Restricted editor user can delete media item or access unauthorized content - Advisory GHSA-wx5h-wqfq-v698
- Updated ImageSharp dependency to patched version following CVE-2025-27598
Full Changelog: release-15.2.2...release-15.2.3
14.3.3
Changes
Security updates
- Improper API access control allows low-privilege users access to data type functionality - Advisory GHSA-6ffg-mjg7-585x
- Restricted editor user can delete media item or access unauthorized content - Advisory GHSA-wx5h-wqfq-v698
- Updated ImageSharp dependency to patched version following CVE-2025-27598
Full Changelog: release-14.3.2...release-14.3.3
13.7.1
Changes
Security updates
- Improper API access control allows low-privilege users access to data type functionality - Advisory GHSA-6ffg-mjg7-585x
- Restricted editor user can delete media item or access unauthorized content - Advisory GHSA-wx5h-wqfq-v698
- Updated ImageSharp dependency to patched version following CVE-2025-27598
New Contributors
- @RolandKock made their first contribution in #18602
Full Changelog: release-13.7.0...release-13.7.1
Contributors
RolandKock
Assets 2
10.8.9
Changes
Security updates
- Improper API access control allows low-privilege users access to data type functionality - Advisory GHSA-6ffg-mjg7-585x
- Restricted editor user can delete media item or access unauthorized content - Advisory GHSA-wx5h-wqfq-v698
- Updated ImageSharp dependency to patched version following CVE-2025-27598
Full Changelog: release-10.8.8...release-10.8.9
15.3.0-rc2
What's Changed Since 15.3.0-rc
🔒 Security updates
- Improper API access control allows low-privilege users access to data type functionality - Advisory GHSA-6ffg-mjg7-585x
- Restricted editor user can delete media item or access unauthorized content - Advisory GHSA-wx5h-wqfq-v698
- Updated ImageSharp dependency to patched version following CVE-2025-27598
🐛 Bug Fixes
- v15: Remove duplicate webhook registration by @Zeegaan in #18594
- Fixed issue with slider max validation using default 0 value by @AndyButland in #18616
Full Changelog: release-15.3.0-rc...release-15.3.0-rc2
What's Changed Since The Previous Release (15.2.3)
📦 Dependencies
- Bump @umbraco-cms/backoffice from 15.0.0 to 15.1.2 in /src/Umbraco.Web.UI.Login by @dependabot in #18064
- Bump vite from 5.4.11 to 5.4.14 in /src/Umbraco.Web.UI.Login by @dependabot in #18066
- Bump vite from 5.4.11 to 5.4.14 in /src/Umbraco.Web.UI.Client by @dependabot in #18193
- V15: Bump minimum required Node.js to V22 by @iOvergaard in #18274
- Bump dompurify from 3.2.3 to 3.2.4 in /src/Umbraco.Web.UI.Client by @dependabot in #18360
- Bump dompurify from 3.2.3 to 3.2.4 in /src/Umbraco.Web.UI.Login by @dependabot in #18362
- V15: update npm dependencies for login screen by @iOvergaard in #18373
- V15: Update Backoffice NPM dependencies by @iOvergaard in #18376
🚀 New Features
- Feature: Code Editor modal, adds pretty-print support by @leekelleher in #18123
- Feature: Tiptap: Generic markup support by @leekelleher in #18124
- Bugfix: Content Picker Search - support allowed content types config by @madsrasmussen in #18042
- V15: Show upload progress for dropped files in the Media Library by @iOvergaard in #18148
- V15: Client should validate maxFileSize and allowed/disallowed file types from server configuration by @iOvergaard in #18163
- Feature: workspace info app extension by @madsrasmussen in #18014
- Tiptap RTE: Add CSS support for extensions by @leekelleher in #18075
- V15/feature/notification-whitespace by @iOvergaard in #18190
- V15: Show server configuration when configuring the Upload Field by @iOvergaard in #18185
- Feature: Media Type Create Options by @madsrasmussen in #18196
- V15: Add progress UI to the Upload Field property editor by @iOvergaard in #18188
- Help Header App, popover placement + code tidy-up by @leekelleher in #18329
- Content dashboard, info box drop-shadow by @leekelleher in #18327
- V15: Show duration on time displays by @iOvergaard in #18341
- V15: Add a button to clear schedule by @iOvergaard in #18339
- V15: Save the variant before scheduling by @iOvergaard in #18344
- Tiptap RTE: Cascading Style Select Menu by @leekelleher in #18364
- Feature: Display current variant item name by @madsrasmussen in #18311
- Tiptap RTE: Table extension enhancements by @leekelleher in #18365
- Feature: Data mapping extension + aligning reference lists by @madsrasmussen in #18318
- Feature: Delete/Trash referenced by by @madsrasmussen in #18351
- Feature: Bulk Delete/Trash referenced by by @madsrasmussen in #18393
- Tiptap RTE: Font Family / Font Size toolbar items by @leekelleher in #18443
- V15: Adds validation on date from/to inputs in the schedule modal by @iOvergaard in #18437
- V15: Serverside Media Picker Validation by @nikolajlauridsen in #18429
- Feature: Property Value Preset by @nielslyngsoe in #18423
- Server side validation for property editors (integer, decimal and slider) by @AndyButland in #18428
- Tiptap RTE: configuration localizations by @leekelleher in #18125
- Tiptap RTE: Trailing Node extension by @leekelleher in #18446
- Tiptap RTE: Text Direction extension by @leekelleher in #18459
- Split force for publish descendants into separate options for publish unpublish and re-publish unedited by @AndyButland in #18270
- Warn when content is unroutable by @Zeegaan in #17837
🐛 Bug Fixes
- Allow skipSelect blueprints only when one blueprint exists by @callumbwhyte in #17818
- Health Check items "back to overview" link omits backoffice url segment by @matthewcare in #17828
- Add NoopCurrentMemberClaimsProvider so Umbraco can boot without the Delivery API enabled by @kjac in #18049
- Fix create child issue in list view with infinite editor (#13355). by @mvennevold in #17637
- Replaced deprecated navigator.platform with navigator.userAgent for platform detection. by @manutdkid77 in #17373
- Fix settings value begin indifference (17989) by @nielslyngsoe in #18022
- Feature: make areas optional by @nielslyngsoe in #18057
- Numeric property editor range and misconfiguration validation by @AndyButland in #17991
- 15: Convert pagesize properly to skip and take by @Zeegaan in #18069
- Handles migration case where an expected constraint is renamed but the constraint does not exist by @AndyButland in #18063
- Fix: 17764 by @nielslyngsoe in #18093
- Add clientside validation to webhook events by @kjac in #18089
- Allowed retrieval of current user configuration when accessing user profile as a non-admin user by @AndyButland in #18099
- V15/bugfix/Reset image crop button fix by @jonat123 in #18106
- V15: Add authorization to saves by @nikolajlauridsen in #18111
- Make it possible to reset media picker crops by @kjac in #18110
- Redirect to the published URL when exiting preview by @kjac in #18114
- Fix: stop using redirects in collections by @nielslyngsoe in #18112
- Bugfix: Remove sidebar bottom space by @nielslyngsoe in #18087
- Avoid wasting a whole thread watching for a filesystem change 😬 by @JasonElkin in #18119
- Updated the dialog label for User -> Assign Access -> Media Start nodes by @jonat123 in #18043
- updated the link picker modal and the property editors using it. by @jonat123 in #18059
- Bugfix: Align collection item entity actions with menu item entity actions by @madsrasmussen in #18118
- Refreshed display of check results after all checks are complete by @AndyButland in #18131
- Feature: Clean up validation messages by @nielslyngsoe in #18092
- V15: Media library crashes when uploading large files by @iOvergaard in #18113
- Added a check that we have a route before attempting to include it in the other URLs for a published document by @AndyButland in #18135
- Fix: Mandatory for Image Cropper (17372) by @nielslyngsoe in #18108
- Fix: media picker mandatory validation by @nielslyngsoe in #18109
- V13: remove unused parameters and documentation by @iOvergaard in #18095
- Fixes rollback of variant page name by @AndyButland in #18136
- Set document to readonly when a user is not allowe...
Contributors
leekelleher, mattbrailsford, and 27 other contributors