- Craft now sends no-cache headers for any request that generates a CSRF token. (#15281, verbb/formie#1963)
- Fixed a JavaScript error that occurred when creating a new custom element source, preventing the Default Sort and Default Table Columns fields from showing up.
- Fixed a bug where the control panel was getting asynchronous CSRF inputs if the
asyncCsrfInputs
config setting was enabled. - Fixed a bug where Craft’s Twig implementation wasn’t respecting sandboxing rules for object properties. (#15278)
- Fixed a bug where assets that the user wasn’t permitted to view could have a “Show in folder” action.
- Fixed focus management with element select inputs after elements were added or removed.
- Fixed a bug where it wasn’t possible to set
title
values on nested Matrix entries, when saving section entries via GraphQL. (#15270) - Fixed a SQL error that could occur if a
DECIMAL()
expression was passed into a query’sselect()
orgroupBy()
methods. (#15271) - Fixed a bug where the “Delete (with descendants)” element action wasn’t deleting descendants. (#15273)
- Fixed an error that could occur when upgrading to Craft 5 if the database user didn’t have permission to disable foreign key constraints. (#15262)