Added
- Add Lock Field Settings and Editor Note on the field editor Advanced tab to help content authors protect important field configuration. Locking dims field settings until Unlock is clicked for the session; notes appear in the field editor banner. (#1189)
- Add Stripe subscription Payment Limit field settings to cancel subscriptions automatically after a fixed or dynamic number of payments using Stripe subscription schedules. (#2123)
- Add Stripe subscription Setup Fee field settings to charge a one-time fee on the first subscription invoice using Stripe invoice items. (#1767)
- Add headless GraphQL payment support: structured Payment field input types, payment follow-up fields on
submitFormieClientForm, and BYO provider documentation. (#1375) - Migrate GoCardless payments from deprecated Redirect Flows to Billing Request Flows, including mandate fulfilment, one-off payment creation, and billing request webhooks. (#2552)
- Add GoCardless recurring subscription support via Direct Debit mandate authorisation and GoCardless subscription creation after billing request fulfilment. (#2552)
Changed
- Improve default theme color contrast for WCAG 2.2 AA — darker error text, muted helper text, and border-only control styling with split border tokens (#2475).
- Add Ajax-safe tab link state theme keys
tabLinkCurrentandtabLinkInactive, with aliases forpageTabLinkActive,pageTabLinkInactive, andpageInactive(#1279).
Fixed
- Fix required asterisk indicator not appearing on Agree fields when the field label is hidden and consent copy is shown on the checkbox label. (#2333)
- Fix rich-text links to internal pages opening in a new tab including
rel="noopener noreferrer nofollow". Internal links now omit the attribute; external links keep it. (#2604) - Fix payment amount parsing for locale-formatted dynamic values (for example
1,234.56,1.750,00, and£750.00) on both the server and in the browser payment modules. (#2334) - Fix payment follow-up states (such as 3D Secure authentication) showing as red validation errors. Action-required and pending payment responses now render as neutral form notices, and Ajax submit payloads include
paymentStatus,paymentMessage,paymentAction, andpaymentDecisionmetadata. (#2660) - Fix Stripe payment intent amounts being sent as floats; minor-unit values are now sent as integers.
- Fix external redirect payments (for example Mollie) leaving users on the status polling page when payment fails. Failed payments now redirect back to the original form URL with a flash error message. (#2502)
- Fix Stripe and other payment follow-up submits re-validating one-time captcha tokens (for example reCAPTCHA v2 checkbox and hCaptcha), which caused duplicate-token spam failures on the second Ajax POST. Incomplete continuation submits now skip captcha screening, matching replay-token behaviour. (#2465)
- Fix hard-coded local-dev payment webhook proxy URL.
paymentWebhookProxyUrlinconfig/formie.phpnow controls the dev-mode proxy base URL (defaulthttps://proxy.verbb.io), or can be set to an empty string to disable proxying. - Fix payment provider settings schema failing to load in the form builder due to a missing
Paymentfield import inFieldsController. - Fix payment provider settings not pre-filling defaults when selecting a provider in the form builder.
- Fix combobox schema fields using a literal “Select an option” empty option instead of a placeholder.