8.3.7

Release date

• June 18th, 2025

Download links

• ⇩ formcycle (master server)
• ⇩ Frontend server
• ⇩ Checksums

Also see the release notes of version 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.3.5, and 8.3.6.

Minor changes

• When deleting one or more plugins, show the name of those plugins in the confirmation dialog.
• Increase the length limit on the custom URL for the workflow action Redirect.
• Improve the content type check for uploaded certificate files.

Fixes

• Fix duplicate directives in the CSP header.
• When the session expires, always show an appropriate message and reload the page. Also small adjustments to prevent the session from expiring. If the session expires, this might manifest as error messages regarding web sockets, as web sockets are closed when the session expires.
• Fix missing icons in dialogs of web forms when using the standard theme.
• Fix potential vulnerability when persistence files are uploaded in order to restore form data.
• Encrypted data in a user's profile are also migrated when changing the database encryption password.

For plugin developers

• Add new plugin type IPluginHtmlTemplateRenderCallback, similar to the existing plugin type IPluginFormRenderCallback. You can use this type of plugin to modify rendered HTML templates and response pages after a form was submitted.
• Add an option to IPluginFormResources that lets you include provided files in HTML response pages and HTML templates as well.
• Add new option autocomplete to the TextEditor of the form designer. If your plugin defines new form oder form element properties, you can configure this editor for the property. The new property lets you provide an autocomplete popup as the user types text into the input field.
• Allow plugins of type IPluginSystemReplacer to access the LanguageTag and the  FormVersion, if available.
• When using the method getJavaScriptRuntimeData from the plugin type IPluginFormDesignerResource, it was not possible to access the provided data immediately, e.g. when registering new form element properties. This was changed so that the data can now be accessed at any time.
• When a plugin of type IPluginFormElementWidget provides a widget that implements the method IXDataSourceOptions#getAllowedDataSourceParameterCount, all defined EDatasource are now taken into account accordingly.
• Removed the library PrettyFaces due to a potential vulnerability and replaced it with the Rewrite Faces Integration library. Plugins that make use of features from that library may need to be adjusted.