Fixed
- Fixed missing authorization for
integrations/form-settings, which could allow SSRF and exposure of integration credentials. - Fixed missing authorization when resuming incomplete submissions via the
submitaction. - Fixed missing authorization for
sent-notifications/get-resend-modal-content. - Fixed
save-submissionaccepting sensitive parameters from front-end requests. - Fixed an XSS vulnerability for importing forms with manipulated form title, handle, or notification name content.
- Fix
SubFieldInterfacevsSubfieldInterfacereferences.