- Security: New uploaded files will now use file protection even when file protection is turned off before the form has been submitted. File access for most file types is now limited to users with the frm_edit_entries capability only. All new files will also include X-Robots-Tag: noindex to ensure that search engines never crawl new temporary files.
- Security: Added additional validation and sanitizing to file uploads.
- Security: The frm_stop_file_switching was only running for forms with file protection turned on. To avoid breaking forms with dynamic files, this is still off by default for forms without file protection on. To improve file upload security for unprotected forms, we recommend adding this filter and returning false. See https://formidableformscom.bigscoots-staging.com/knowledgebase/frm_stop_file_switching/ for more information and examples.
- New: A new option to prevent search engines from indexing uploads has been added to Form Permission Settings. This new setting requires that file protection is also turned on. For forms that allow public uploads this setting is highly recommended.
- New: The placeholder pdf, document, and spreadsheet icons for uploaded files are now also applied when viewing file uploads when dropzone is disabled. The document icon will now be used for inaccessible files and other file types as well that do not support a preview.
- New: The [frm-field-value] truncate option now supports the more_text option as well to replace the default ... that appears.
- Fix: Errors were not properly appearing when dropzone was disabled and an unsupported file type was included in the form submission.