Backdrop CMS v1.16.2 Release Notes

Release Date: 2020-06-17 // 11 months ago
  • ๐Ÿš€ Maintenance release for Backdrop CMS. This update contains security updates and bug fixes only.

    ๐Ÿš€ Previously, if a form submission failed Backdrop's cross-site request forgery protection, the submitted form values would be re-displayed to the user along with a message advising them to copy their previously submitted values and reload the page. Beginning with this release, the form is shown without any values for security reasons, and the user is prompted to press the back button to return to their previously entered values.

    โšก๏ธ The user-facing translatable string that appears when a form is outdated has also been changed, and translations of it will need to be updated.

    โšก๏ธ Notes for updating:

    • No changes have been made to the .htaccess, robots.txt, or default settings.php files in this release, so updating customized versions of those files is not necessary.
    • The database update script does not need to be run

    ๐Ÿ”„ Changes since 1.16.1

    • ๐Ÿ”’ Security Fix, see BACKDROP-SA-CORE-2020-004
    • โšก๏ธ Issue #4423: Fix incorrect t() parameter usage in update_mail().
    • Issue #4419: prevent new empty formats if disabled ones exist
    • Issue #4431: Use link for backups help.
    • ๐Ÿ“š Issue #3044: Update cron links to use documentation.
    • Issue #3734: Fix broken template rescan in views.
    • ๐Ÿ“š Issue #4223: Correct API groups for Field UI documentation.
    • Issue #4146: Minor change to text in contact module.
    • Issue #4281: Enforce password value requirement on reset form.
    • Issue #4434: Optimize color_css_alter() to reduce number of file system checks.
    • ๐Ÿšš Issue #4424: Remove unnecessary string concatenations.