Ninja Forms – The Easy and Powerful Forms Builder

(2 September 2022) = Bug Fixes: * Fixes an issue with trailing commas * Fixes an issue for some users on PHP7.4 and below. Other Enhancements: * Update 'tested to'

=

(30 August 2022) = Bug Fixes: * Prevent object wakeup in unserialize * Correct errant variable name is submissions check Other Enhancements: * Smart suggestions for extensions * Update 'tested to'

=

(22 June 2022) = Bug Fixes: * Fixed naming collision with reCaptcha cookie check * HTML re-enabled in field labels for users with correct capabilities * Removed orphaned repeater field setting from advanced settings * Fixed form imports for non-UTF-8 encoded files

=

(14 June 2022) = Security Enhancements * Apply more strict sanitization to merge tag values

=

(14 June 2022) = Security Enhancements * Apply more strict sanitization to merge tag values

=

(14 June 2022) = Security Enhancements * Apply more strict sanitization to merge tag values

=

(14 June 2022) = Security Enhancements * Apply more strict sanitization to merge tag values

=

(14 June 2022) = Security Enhancements * Apply more strict sanitization to merge tag values

=

(14 June 2022) = Security Enhancements * Apply more strict sanitization to merge tag values

=

(14 June 2022) = Security Enhancements * Apply more strict sanitization to merge tag values

=

(07 June 2022) = Bug Fixes: * Retrigger emails from Submissions page if form only has 1 Email Action * Invalid Date message triggered by Date Picker Field * Typo in Delete Form popup * Importing a form sets the Step value of any Number field to 1, regardless of the Export value * Front End Checkbox/Radio lists are not keyboard accessible * Form Preview Page does not work in themes that enable full site editor * Public link not working in some themes * Checkbox Fields with a checked calc value of 0 evaluate to 1 in JS * Activating Layouts & Styles removes merge tags from email actions until the form is republished * Trigger error when cookies for reCaptcha v3 were not allowed ( Implemented with hooks ) * Submissions page select dates filter restored

Security Enhancements * Improve escaping on field template labels and values reported responsibly by Ryan at WP Scan * Improve sanitization of label values * Improve authorization check for field imports

=

(24 March 2022) = Bug Fixes: Restore "Download All Submissions" functionality

(14 March 2022)

Bug Fixes: Correct Repeatable Fieldset CSV output, was Array Array Array Add "Trash" view to React submissions page Fix broken submission view when Date field added to converted CF form

Security Enhancements Remove CSV temp files stored in publicly accessible location, reported responsibly by Agence Web Coheractio - Paris at https://www.coheractio.com

=

= 3.6.8 (14 March 2022)

Bug Fixes: Correct Repeatable Fieldset CSV output, was Array Array Array Add "Trash" view to React submissions page Fix broken submission view when Date field added to converted CF form

Security Enhancements Remove CSV temp files stored in publicly accessible location, reported responsibly by Agence Web Coheractio - Paris at https://www.coheractio.com

(30 November 2021)

Bug Fixes:

• Fix Danish/Finnish language halts submissions page display
• Exclude confirm field from submission data
• Scroll list fields to prevent extremely tall rows
• Correctly display checkbox value in submission table
• Fix PHP warning on column control
• Remove note, html, submit, confirm fields from CSV export
• Use set date format on CSV export
• Prevent XSS in form title

=

(15 November 2021)

Bug Fixes:

• Rename 'store submission' to record submission'
• Enable extra data column headers in CSV export
• Use admin labels in tables and export

=

(04 November 2021)

Bug Fixes:

• Ensure submission column selections are remembered for next viewing
• Ensure date time is properly displayed in submission popup editor
• Display calculations metabox in submissions
• Add temporary submissions page rollback option
• Fix failing search results on submissions page
• Ensure checkbox displays correct value, not always 'checked'

=

(25 October 2021)

Bugs:

• Prevent data timeout error by reducing size of initial submission request
• Prevent SQL injection from field key
• Prevent overwriting of ConvertKit action name during import
• Ensure forms that don't have email actions appear in submission page list

=

(18 October 2021)

Bugs:

• Update submission link on form dashboard
• Check for CF database before adding CF data source

=

(12 October 2021)

Bugs:

• Ensure submissions appear when timezone setting puts submission ahead of current timestamp

=

(11 October 2021)

Bugs:

• Move sequence id from submission editing to metadata
• Use correct popup for autogenerate Add New modals

Changes:

• Ignore build files from commit

=

(04 October 2021)

Changes:

• Enable display of Caldera Forms submissions in Ninja Forms submission table

=

(22 September 2021)

Bugs:

• Ensure sanitized values enables spaces between classNames

=

(21 September 2021)

Bugs:

• Ensure cached value of form is stored with sanitized value

=

(15 September 2021)

Bugs:

• Resolved security vulnerability of admin+ stored XSS on form design

=

(07 September 2021)

Bugs:

• Resolved security vulnerability in the submissions route. Responsibly reported by Chloe Chamberland at Wordfence.
• Resolved an issue that rarely caused submission to fail on forms containing a multiselect field.

Changes:

• Updated several of our build dependency packages.
• Automated build and deploy to SVN.

=

(5 July 2021) =

Bugs:

• Resolved an error that was causing the plugin to crash on sites using a PHP version below 7.0.

=

(29 June 2021) =

Bugs:

• Bulk resend email should now properly populate the email subject line instead of using a default value.
• Repeatable fieldset data should now display properly in the submission block.
• Corrected an issue that was preventing forms from displaying when repeatable fieldsets contained a date field, a rich text enabled paragraph field, or a field with a custom mask.
• When set, the submission limit should now be properly enforced on submissions made via forms loaded before the limit was reached.
• Move to trash should once more be available in the bulk actions on the submissions page.

=

(07 June 2021) =

Changes:

• Added support for Google Recaptcha V3.
• Added a new option to resend email actions from the submissions table.
• Added the ability to export multiple form submission CSVs at once.

Bugs:

• Fixed a bug that caused an extra : to be shown in the date field on older forms.
• Fixed a bug with field settings that caused some settings to not show when they should have.
• Multiple Recaptchas on the same page should work properly.

=

(21 April 2021) =

Changes:

• The Date Field is now the Date/Time Field. This field now allows for Date, Time, and Date & Time selection.

Bugs:

• Fixed a bug that caused ReCaptcha fields to fail if more than one appeared on the page.
• Fixed a conflict with iThemes that was causing a fatal error.

=

(1 April 2021) =

Changes:

• Final deprecation phase of Ninja Forms 2.9x codebase.

=

(24 March 2021) =

Changes:

• Removed some legacy settings that were no longer required for new installs.

Bugs:

• Resolved an issue that was causing errors when Array values were used in API requests.
• The Ninja Forms block should now fill the entire width of the block editor.
• Fixed an error that was causing a depreciated method warning when using the classic editor.
• Forms should now display again in Internet Explorer 11.
• Resolved an issue that was causing the Ninja Forms dashboard to crash if there was an issue with wp_cron.
• Fixed some PHP warnings related to our checkbox list field.

=

(17 February 2021) =

Changes:

• Repeatable Fieldsets have arrived! For a quick look at how to get those setup, check out our new documenation for them.

Bugs:

• Our block editor code should now only load on pages where it is actually needed, leading to less page load time in the admin dashboard.
• Resolved an issue that was always causing required checkbox list fields to throw a required error on submission.
• The Ninja Forms block should now properly display the form in the page editor if WordPress has been installed in a subdirectory.
• Cleaned up a few notices and warnings that were displaying on sites running PHP 8.

=

(15 February 2021) =

Changes:

• Repeatable Fieldsets have arrived! For a quick look at how to get those setup, check out our new documenation for them.

Bugs:

• Our block editor code should now only load on pages where it is actually needed, leading to less page load time in the admin dashboard.

=

(8 February 2021) =

Security:

• Added a missing permissions check in our services connection manager reported responsibly by Chloe Chamberland at Wordfence.
• Patched a potential XSS vulnerability in our querystring merge tag.
• Added a missing filter that should have been excluding some personal information fields from the CSV attachment on Email Actions.

=

(25 January 2021) =

Bugs:

• Forms should once again load properly in Internet Explorer 11.
• Single checkbox fields should now properly display their values in the submission table.
• Updated our dashboard styling to resolve an issue where some translations were resulting in action buttons being obscured.
• Restored drag and drop functionality for adding fields in the form builder.

Security:

• Patched a couple of vulnerabilities in our services oAuth controller reported responsibly by Chloe Chamberland at Wordfence.

=

(9 December 2020) =

Bugs:

• Cleaned up a few conflicts with WordPress version 5.6.
  • Toggle switches in the form builder should now be working as expected.
  • Pre-selected options for lists should now persist properly in the form builder.
  • Element styling of some buttons should properly reflect the active or inactive status of the button.

=

(16 November 2020) =

Bugs:

• Patched an issue with our new date field library that was causing it to display improperly on some mobile devices.

=

(12 November 2020) =

Changes:

• Our date field library has been updated! For you developer types out there, weve switched from pikaday to flatpickr.
• Updated some of our form builder scripts in preparation for WordPress 5.6.

Bugs:

• Fixed a visual issue that sometimes allowed the Ninja Forms Dashboard view to extend beyond the width of the browser window.
• Resolved an error that sometimes caused an error message to appear when loading the Dashboard for the first time on a new installation.
• Resolved an error in our termslist field that caused the form builder to crash if you opened a form that was previously mapped to a term that had been deleted.
• Resolved an error that was sometimes causing PDF exports or emails with PDF attachments to fail.

=

(22 September 2020) =

Bugs:

• Resolved an issue that was causing a fatal error on sites running PHP 5.6 or older.

=

(18 September 2020) =

Changes:

• The Views Table Block has arrived!
• Updated the Ninja Forms Block to be more in-line with current Gutenberg conventions.
• Improved the efficiency of submission limit checks.
• The SendWP service can now be linked to the Ninja Forms dashboard.
• Apps & Integrations are now grouped by category for easier sorting.
• Updated color contrast of the form builder to be WCAG compliant.
• Custom Action now requires developer mode to be enabled.
• Updated the File Upload form template.

Bugs:

• Corrected improperly named filter for save action settings.
• Cleaned up some improperly escaped code on our get help page.
• Updated graphics associated with our add-ons to make them display properly.
• Corrected an issue that was causing the password field on our settings page to not properly save values.
• Increased the priority of our form builder class to ensure it properly loads over other elements on the page.
• Field duplication no longer improperly updates the target of calculations.
• Corrected the order of our submenu items.
• Added missing dependency for our blocks.

Security:

• Patched a CSRF vulnerability in our services integration reported responsibly by Slavco Mihajloski.
• Patched a validation bypass vulnerability in our email field.
• Added escaping for HTML content of fields in the submissions table.

=

(18 September 2020) =

Changes:

• The Views Table Block has arrived!
• Updated the Ninja Forms Block to be more in-line with current Gutenberg conventions.
• Improved the efficiency of submission limit checks.
• The SendWP service can now be linked to the Ninja Forms dashboard.
• Apps & Integrations are now grouped by category for easier sorting.
• Updated color contrast of the form builder to be WCAG compliant.
• Custom Action now requires developer mode to be enabled.
• Updated the File Upload form template.

Bugs:

• Corrected improperly named filter for save action settings.
• Cleaned up some improperly escaped code on our get help page.
• Updated graphics associated with our add-ons to make them display properly.
• Corrected an issue that was causing the password field on our settings page to not properly save values.
• Increased the priority of our form builder class to ensure it properly loads over other elements on the page.
• Field duplication no longer improperly updates the target of calculations.
• Corrected the order of our submenu items.

Security:

• Patched a CSRF vulnerability in our services integration reported responsibly by Slavco Mihajloski.
• Patched a validation bypass vulnerability in our email field.
• Added escaping for HTML content of fields in the submissions table.

=

(17 September 2020) =

Security:

• Patched a CSRF vulnerability in our services integration reported responsibly by Slavco Mihajloski.
• Patched a validation bypass vulnerability in our email field.

=

(9 September 2020) =

Bugs:

• Resolved an issue that sometimes caused the merge tag menu to not open properly in the form builder.

=

(25 August 2020) =

Bugs:

• Sites with WP_DEBUG enabled should no longer display a deprecated parent error on PHP version 7.4.
• Resolved an issue that was preventing our Screen Options settings from being saved on the submissions page.

=

(12 August 2020) =

Bugs:

• Resolved an issue that caused settings changed with a toggle switch to not be saved on WordPress 5.5.

=

(21 May 2020) =

Security:

• Patched an HTML injection vulnerability in our deprecated 2.9x codebase reported responsibly by Dave Job.

Bugs:

• Corrected an error in our required field validation that was allowing targeted spam through the submission process.

=

(28 April 2020) =

Security:

• Fixed Cross-Site Request Forgery(CSRF) to stored Cross-Site Scripting(XSS) reported responsibly by Ramuel Gall (Wordfence Threat Intelligence Team).

=

(5 March 2020) =

Security:

• Patched an HTML injection vulnerability in our merge tag system. Many thanks to Tom Standley at ContainCo for practicing responsible disclosure.

Bugs:

• User permission filters should now work as expected.
• Select image fields should now work properly when dev mode is disabled.
• Resolved an error that was causing php warnings on some API calls.
• Email settings should now properly read email addresses surrounded by <> characters.
• Resolved an error that was causing deprecated function warnings in php error logs.
• Forms with calculations should now display properly on sites using a "formal" language setting.
• Export should now properly appear as an option in the bulk actions on the submissions page.
• Resolved an error that was preventing the add-on manager from installing plugins.

Changes:

• Add-on updates will now enforce php requirements if the current version on the installation is below the minimum for the add-on.

=

(2 March 2020) =

Bugs:

• User permission filters should now work as expected.
• Select image fields should now work properly when dev mode is disabled.
• Resolved an error that was causing php warnings on some API calls.
• Email settings should now properly read email addresses surrounded by <> characters.
• Resolved an error that was causing deprecated function warnings in php error logs.
• Forms with calculations should now display properly on sites using a "formal" language setting.
• Export should now properly appear as an option in the bulk actions on the submissions page.
• Resolved an error that was preventing the add-on manager from installing plugins.

Changes:

• Add-on updates will now enforce php requirements if the current version on the installation is below the minimum for the add-on.

=

(12 February 2020) =

Security:

• Patched a delayed XSS vulnerability in our email action.
• Hardened the authorization security on our settings page.
• Patched a stored XSS vulnerability on our settings page. Many thanks to Ben Armstrong at Spider Sec Ltd for practicing responsible disclosure!

Bugs:

• Ninja Forms should now properly honor user profile language settings if they are not the site default.
• Opening the form builder should no longer result in a php warning about an invalid argument.
• Cleaned up our publish code to avoid a few other php warnings.

Changes:

• Updated our event registration template to be more accessibility compliant.

=

(4 February 2020) =

Security:

• Hardened the authorization security on several of our form endpoints.
• Audited all translation functions to prevent injection attacks.

=

(21 November 2019) =

Bugs:

• The unique field restriction should no longer block payment actions from completing.
• Corrected an error that was preventing the current list of favorite fields from displaying in any location.
• Updated some of our builder styles to account for updates in WordPress 5.3.
• Corrected an error that sometimes caused the images in the select image field to not be found.
• Disabled an internal error logging function that was sometimes causing bloat in our database tables.

Changes:

• Email actions now support file attachments from the WordPress media library.

=

(11 November 2019) =

Bugs:

• Added a missing label to our honeypot field, in case styling errors somehow make it visible.
• Removed an errant console message from our admin dashboard.
• Resolved an issue that was sometimes resulting in warnings being written to logs on form load.
• Modified our Gutenberg block to prevent it from displaying improperly on Bedrock installations.

Changes:

• The select image field has arrived!
• Added functionality for resetting the public link on a form.
• Forms in the dashboard can now be sorted by shortcode (ID).
• Added merge tags for form title, form id, and username (if authenticated).

=

(19 September 2019) =

Bugs:

• Resolved an issue that was causing public links to fail on duplicated forms.
• The merge tag selector box in the form builder should no longer appear halfway off the page on smaller screen sizes.
• Long field keys should no longer cause the merge tag list to cover up the categories in the merge tag selector box.
• Resolved an issue that was causing some actions to fail after returning from a redirected payment gateway.
• List field options on imported forms should now appear in the correct order in the form builder.

=

(16 September 2019) =

Bugs:

• Resolved an error that rarely caused form import to output as successful, when it had actually failed.
• The unique field restriction should no longer honor "nothing" as a valid value.
• Removed some deprecated dependencies that were throwing notices in the block editor.
• Updated list field item import in the form builder to make it less confusing.

=

(15 August 2019) =

Security:

• Removed an outdated template that was localizing a couple server variables.

Bugs:

• Currency masks should no longer prevent text fields from working properly in calculations.
• Cleaned up a few php notices due to older functions.
• Corrected the issue that was preventing required updates from completing. (Required updates remain disabled for the time being.)
• Number fields with a minimum value will now display that value as a placeholder, not a value.
• Switched the first and last name translations in our French translation pack.
• Added a missing attribute that was required by screen readers to the fields on our submission editor page.
• Resolved an error that was causing multi-select lists to not work properly in calculations.
• Submission limits should now be honored for forms that were displayed before the limit was reached.
• Dynamic option values should now work for ALL list types.
• Resolved an issue that was causing forms to display as code in some page builders.
• SendWP registration should no longer cause an error when the SendWP plugin is already installed.
• Resolved an issue that was causing several of our action settings to display improperly in Firefox.
• Corrected a problem that was sometimes causing submission of forms with a PayPal action to fail.

Changes:

• The Advanced tab in the form builder should now communicate that developer mode is disabled, if that is the case.
• Added currency support for the Russian Ruble and the Chinese Yuan.

=

(12 August 2019) =

Security:

• Removed an outdated template that was localizing a couple server variables.

Bugs:

• Currency masks should no longer prevent text fields from working properly in calculations.
• Cleaned up a few php notices due to older functions.
• Corrected the issue that was preventing required updates from completing. (Required updates remain disabled for the time being.)
• Number fields with a minimum value will now display that value as a placeholder, not a value.
• Switched the first and last name translations in our French translation pack.
• Added a missing attribute that was required by screen readers to the fields on our submission editor page.
• Resolved an error that was causing multi-select lists to not work properly in calculations.
• Submission limits should now be honored for forms that were displayed before the limit was reached.
• Dynamic option values should now work for ALL list types.
• Resolved an issue that was causing forms to display as code in some page builders.

Changes:

• The Advanced tab in the form builder should now communicate that developer mode is disabled, if that is the case.
• Added currency support for the Russian Ruble.

=

(19 June 2019) =

Bugs:

• Resolved an issue that sometimes caused required updates to fail due to allowed server memory.
• Public form link should now be more reliable without needing to update site permalinks.
• Corrected a typo in the shortcode output of the Display Your Form settings.
• Dailed back our add-on updater script. It was checking for updates too often.
• Resolved an issue that was sometimes causing form submission to hang on processing, even though it had finished submitting data.
• Corrected a typo in the help text for auto-adding a submit button.
• Dynamic options in lists should now work properly everywhere, not just on form display.
• Fixed a couple of broken links on our Get Help page.
• The public link setting should no longer appear on the dashboard for forms where it is not enabled.
• Resolved an issue that sometimes caused the form dashboard to not display.
• Temporarily disabled required updates in order to investigate a reported issue with them freezing.

Changes:

• Updated our Details page in the WordPress repo.
• Date fields can no longer be added to calculations.

=

(18 June 2019) =

Bugs:

• Resolved an issue that sometimes caused required updates to fail due to allowed server memory.
• Public form link should now be more reliable without needing to update site permalinks.
• Corrected a typo in the shortcode output of the Display Your Form settings.
• Dailed back our add-on updater script. It was checking for updates too often.
• Resolved an issue that was sometimes causing form submission to hang on processing, even though it had finished submitting data.
• Corrected a typo in the help text for auto-adding a submit button.
• Dynamic options in lists should now work properly everywhere, not just on form display.
• Fixed a couple of broken links on our Get Help page.
• The public link setting should no longer appear on the dashboard for forms where it is not enabled.
• Resolved an issue that sometimes caused the form dashboard to not display.

Changes:

• Updated our Details page in the WordPress repo.
• Date fields can no longer be added to calculations.

=

(18 June 2019) =

Bugs:

• Resolved an issue that sometimes caused required updates to fail due to allowed server memory.
• Public form link should now be more reliable without needing to update site permalinks.
• Corrected a typo in the shortcode output of the Display Your Form settings.
• Dailed back our add-on updater script. It was checking for updates too often.
• Resolved an issue that was sometimes causing form submission to hang on processing, even though it had finished submitting data.
• Corrected a typo in the help text for auto-adding a submit button.
• Dynamic options in lists should now work properly everywhere, not just on form display.
• Fixed a couple of broken links on our Get Help page.
• The public link setting should no longer appear on the dashboard for forms where it is not enabled.

Changes:

• Updated our Details page in the WordPress repo.
• Date fields can no longer be added to calculations.

=

(17 May 2019) =

Bugs:

• Updated our form load process to better account for reported excessive page load times.
• Resolved an issue that was causing various add-ons to behave strangely when there were multiple forms on a single page.
• Restored the display of some action settings that were being improperly hidden in the form builder. (e.g. Stripe metadata and Update Profile custom meta.)
• Resolved an issue that sometimes caused submission to freeze when a required field was left empty.
• Forms should no longer fail to display when a total field is referenced in a calculation.

Changes:

• "Light" opinionated styles are now enabled by default on new Ninja Forms installations.

=

(13 May 2019) =

Bugs:

• Updated our form load process to better account for reported excessive page load times.
• Resolved an issue that was causing various add-ons to behave strangely when there were multiple forms on a single page.

Changes:

• "Light" opinionated styles are now enabled by default on new Ninja Forms installations.

=

(7 May 2019) =

Bugs:

• Multiple instances of the same form can now be loaded on a page.
• Resolved an issue that sometimes prevented favorite fields from being added to a form.
• Realistic preview of multiselect fields will now render more accurately in the builder.
• Resolved an issue that sometimes caused required updates to miscommunicate completion progress.
• Field keys should once more be accessible in submission filters.
• Querystring merge tags should no longer display their tags when the querystring is not present.
• Builder help texts should no longer contain unrendered HTML elements.

Changes:

• Added currency support for the Malaysian Ringgit.
• Added realistic field support for the save button and password field in the form builder.
• Some settings have been registered as developer options, which will be disabled by default to avoid settings clutter.
• Public links are now available for Ninja Forms! Found next to the publish button, public links provide form access to anyone with the link. Just copy and paste the unique URL and anyone can see and use your form.

=

(15 April 2019) =

Bugs:

• Resolved an issue that caused the form builder to crash when editing forms that had a select list with no options.

=

(10 April 2019) =

Bugs:

• Resolved an issue that sometimes caused submission dates to show inaccurately in the submissions table.

Changes:

• We've upgraded our form building experience with realistic field representations!

=

(4 April 2019) =

Bugs:

• Resolved several issues that sometimes caused notices to be logged on newer versions of php.
• Changed the priority of the redirect action so that it should always fire last.
• Calculations should now have more consistent results when numbers are input in international formats.
• Resolved an error that was causing form submission to fail on some php versions.
• Corrected an issue that sometimes caused forms with large calculations to not display properly.

Changes:

• The following field types have been deprecated: Product, Quantity, Shipping, Total.

=

(3 April 2019) =

Bugs:

• Resolved several issues that sometimes caused notices to be logged on newer versions of php.
• Changed the priority of the redirect action so that it should always fire last.
• Calculations should now have more consistent results when numbers are input in international formats.
• Resolved an error that was causing form submission to fail on some php versions.

Changes:

• The following field types have been deprecated: Product, Quantity, Shipping, Total.

=

(2 April 2019) =

Bugs:

• Resolved several issues that sometimes caused notices to be logged on newer versions of php.
• Changed the priority of the redirect action so that it should always fire last.
• Calculations should now have more consistent results when numbers are input in international formats.

Changes:

• The following field types have been deprecated: Product, Quantity, Shipping, Total.

=

(19 March 2019) =

Changes:

• Upgrade to THREE for legacy users will no longer immediately trigger additional required updates.
• Introducing SendWP - A dedicated WordPress email solution!

=

(13 February 2019) =

Bugs:

• Resolved an issue that was sometimes causing the submission sequence to reset.

=

(5 February 2019) =

Bugs:

• Resolved an issue that was causing some form imports to fail.
• Submission exports of checkbox fields that have been modified by an admin should now display their proper value in the csv.
• Resolved an issue that was rarely causing actions to fire twice.

=

(17 January 2019) =

Bugs:

• Resolved an issue that sometimes caused fields to not appear on the form after publish.
• Corrected an error that was causing form duplication to fail.
• Sites with WP_DEBUG enabled should no longer display an undefined 'maintenance' column error on form load.

=

(15 January 2019) =

Bugs:

• Corrected an error that was causing form duplication to fail.
• Sites with WP_DEBUG enabled should no longer display an undefined 'maintenance' column error on form load.

Changes:

• Implemented a new import process, which should be more reliable with large form imports.
• Upgraded our data structure to reduce loading times for forms and the form builder.

=

(14 January 2019) =

Changes:

• Implemented a new import process, which should be more reliable with large form imports.
• Upgraded our data structure to reduce loading times for forms and the form builder.

=

(10 January 2019) =

Security:

• (2.9x) Duplicated previous blind SQL injection patch for our deprecated 2.9x codebase. Many thanks to Plugin Vulnerabilities for reporting that our initial pass missed this.

=

(7 January 2019) =

Security:

• Patched a blind SQL injection vulnerability in the search filter on our submissions page. Thank you to Samuel Anttila at netsec.expert for practicing responsible disclosure.

=

(3 January 2019) =

Security:

• Patched a reflected XSS vulnerability in our administrative dashboard. Thank you to Samuel Anttila at netsec.expert for practicing responsible disclosure.

Bugs:

• Resolved an issue that caused our Gutenberg Block to not dispaly in the post editor when the Twenty Ninteen theme is active.

Changes:

• Product and quantity field merge tags can no longer be referenced in calculations.

=

(2 January 2019) =

Bugs:

• Resolved an issue that caused our Gutenberg Block to not dispaly in the post editor when the Twenty Ninteen theme is active.

Changes:

• Product and quantity field merge tags can no longer be referenced in calculations.

=

(6 December 2018) =

Changes:

• Finalized the Gutenberg block. (No longer a Beta feature.)

=

(29 November 2018) =

Security:

• Patched an open redirect vulnerability using a url parameter in our submission download page. Thank you to Muhammad Talha Khan for practicing responsible disclosure.

=

(20 November 2018) =

Bugs:

• Placeholder text should now be visible in number fields that have a minimum value.
• Corrected an error that was sometimes causing number fields to clear themselves when Multi-part Forms is active.

Changes:

• The rich text editor in the form builder should now wrap lines while in code view.

=

(14 November 2018) =

Security:

• Patched a redirect XSS vulnerability using code injection on our submissions page.

Bugs:

• Resolved an issue where the WordPress is_search function was being called incorrectly in some cases.
• Custom columns should no longer be added to non-Ninja Forms custom post types with meta values containing '_field'.
• Resolved an issue that sometimes caused error log entries related to an invalid IP.
• The form selector on the submissions page should now be visible on mobile devices.
• Resolved an issue that sometimes caused CSV exports to have multiple header rows.

=

(16 October 2018) =

Bugs:

• Pressing the tab key while in the delete a form modal should now shift focus to the delete button.
• Resolved an issue that could have caused some display issues on the dashboard due to cached scripts.

Changes:

• Updated several of our product images on the apps & integrations tab of the dashboard.
• Our in-app marketing feed will now fetch from a remote site for more swift product updates.
• Ninja Shop has arrived!

=

(17 September 2018) =

Bugs:

• Resolved an issue that was sometimes causing upgrades on multi-site to delete forms from other sites on the installation.
• Corrected a bad reference in our Create a Post template documentation.
• List field values sent in an email via CSV should no longer display as NULL if their value was 0.
• Resolved a couple issues that were causing server warnings.

Changes:

• Removed some outdated objects to improve speed of publish.
• Added modal on downgrade to prevent accidental usage.
• Password fields have been deprecated in Ninja Forms core. Some of our add-ons will still utilize them.

=

(31 August 2018) =

Bugs:

• Fixed an issue causing errors when forms containing checkboxes had csv files attached to Email Actions

=

(28 August 2018) =

Security:

• Patched an XSS vulnerability that allowed javascript injection into the form import function. Many thanks to Adam Roberts for practicing responsible disclosure.
• Patched a CSV injection vulnerability that allowed user values to run some scripts when opening exported CSV files with Excel.

Bugs:

• The selector in the add a form modal should now scroll properly instead of being cut off by the bottom of the browser when it contains a large number of forms.
• Resolved an issue that sometimes caused the character limit option for paragraph fields to count words instead.

=

(27 August 2018) =

Security:

• Patched an XSS vulnerability that allowed javascript injection into the form import function. Many thanks to Adam Roberts for practicing responsible disclosure.
• Patched a CSV injection vulnerability that allowed user values to run some scripts when opening exported CSV files with Excel.

Bugs:

• The selector in the add a form modal should now scroll properly instead of being cut off by the bottom of the browser when it contains a large number of forms.
• Resolved an issue that sometimes caused the character limit option for paragraph fields to count words instead.

=

(8 August 2018) =

Changes:

• Added the abililty to have no default value for Country and State fields.
• Added the Indian Rupee to the list of available currencies
• Removed unnecessary comments from the main field template

Bugs:

• User Meta Tags will no longer print out the tag when users are not logged in

=

(31 July 2018) =

Bugs:

• Resolved an issue that sometimes caused form titles to not display in dropdown menus.

=

(23 July 2018) =

Changes:

• Updated save methods for form settings to reduce potential encoding errors.

=

(16 July 2018) =

Bugs:

• (Beta) The Ninja Forms Gutenberg block should now work properly on the newest version of Gutenberg.
• Min and max values for number fields should once more accept decimal values.
• Resolved an issue that was sometimes causing a description text block to be output, even if it contained no text.
• Radio lists should now properly display the default value when using our opinionated styles.

=

(6 July 2018) =

Security:

• Patched a vulnerability that could allow certain Export Personal Data requests to retrieve unrelated submission data.

Bugs:

• Fixed a broken image link in the Edit User Profile template.
• Resolved an issue that was very rarely causing the conversion process to run again after upgrade, removing all forms but the default Contact Me.

=

(2 July 2018) =

Bugs:

• The styling of the Ninja Forms settings page has been corrected.
• Forms can once again be previewed before they have been published.
• Resolved an issue that was sometimes causing submission expiration to not register properly on publish.
• The submission expiration setting will no longer accept a negative number as valid input.

Changes:

• Ninja Forms has migrated to GitLab! All repository links should now be updated.
• Added an expired submissions cleanup button to our settings page to supplement cleanup on sites with a large number of submissions.

=

(21 June 2018) =

Bugs:

• Resolved an issue that sometimes caused the form builder to crash when deleting a field.
• Submissions removed by the expired submissions feature should now be moved to the trash instead of completely removed.

=

(20 June 2018) =

Bugs:

• Made some performance updates to several of our popup modals.
• The agency remove marketing hook should now properly hide the new services tab.
• Resolved an issue that sometimes caused the form builder to crash when deleting a field.

Changes:

• Fields now display admin labels (if they exist) instead of labels in the store submission action settings.
• Added a tooltip to the value section of list fields, giving details about allowed characters.
• List field merge tags can now be configured to show labels instead of values by appending ":label" to the merge tag.
• The store submissions action can now be configured to remove submissions that exceed a defined timeframe.
• Added a confirm modal to field deletion to prevent accidental removal of data.

=

(18 June 2018) =

Bugs:

• Made some performance updates to several of our popup modals.
• The agency remove marketing hook should now properly hide the new services tab.

Changes:

• Fields now display admin labels (if they exist) instead of labels in the store submission action settings.
• Added a tooltip to the value section of list fields, giving details about allowed characters.
• List field merge tags can now be configured to show labels instead of values by appending ":label" to the merge tag.
• The store submissions action can now be configured to remove submissions that exceed a defined timeframe.
• Added a confirm modal to field deletion to prevent accidental removal of data.

=

(11 June 2018) =

Bugs:

• Resolved an issue that was preventing placeholder text from appearing in paragraph text fields.

Chnages:

• Unlocked the services tab.
• (Beta) Ninja Forms Add-on Manager is now available.
• Ninja Mail - Transactional Email is now available.

=

(5 June 2018) =

Bugs:

• Resolved an issue that sometimes caused our opt-in modal to become undismissable.
• Fields that do not actually save data should no longer appear in the include/exclude fields list for the store submission action.
• Improved performance of our Add Form modal in the post editor.
• Resolved an issue that sometimes caused the Submissions page to display as a white screen.

Changes:

• (GDPR) Fields excluded by the store submission action will now show their values as (redacted) in the edit submission screen, rather than displaying nothing.
• (GDPR) The delete data request action now includes a setting to specify anonimization of Ninja Forms data, rather than full deletion.
• (GDPR) Fields now have a setting to specify if they are personally identifiable data.
• Registered a cleanup process to take care of some outdated and unnecessary data we have been storing in various data records.
• Added several ARIA attributes to the fields that were missing them.
• The Delete All Data button now cleans up several additional options that we'd recently added.
• The list of actions in the form builder has been updated, and non-enabled actions now include a short blurb describing their usage.

=

(4 June 2018) =

Bugs:

• Fields that do not actually save data should no longer appear in the include/exclude fields list for the store submission action.
• Improved performance of our Add Form modal in the post editor.
• Resolved an issue that sometimes caused the Submissions page to display as a white screen.

Changes:

• (GDPR) Fields excluded by the store submission action will now show their values as (redacted) in the edit submission screen, rather than displaying nothing.
• (GDPR) The delete data request action now includes a setting to specify anonimization of Ninja Forms data, rather than full deletion.
• (GDPR) Fields now have a setting to specify if they are personally identifiable data.
• Registered a cleanup process to take care of some outdated and unnecessary data we have been storing in various data records.
• Added several ARIA attributes to the fields that were missing them.
• The Delete All Data button now cleans up several additional options that we'd recently added.
• The list of actions in the form builder has been updated, and non-enabled actions now include a short blurb describing their usage.

=

(22 May 2018) =

Bugs:

• Resolved a bug that was sometimes causing clicks to not register in the admin.
• Removed a fatal error caused by having a WordPress version below 4.9.6.
• Export personal data requests created by anonymous uers through Ninja Forms should no longer error out in the admin.
• Updated a setting in our submissions to prevent them from being shown in archives created by WordPress.

Changes:

• Individual fields can now be excluded from the store submission action.
• (GDPR) The delete data request action can now be added to a form, allowing your users to request deletion of their Ninja Forms submissions.
• (GDPR) The export data request action can now be added to a form, allowing your users to request a record of their Ninja Forms submissions.
• (GDPR) Added templates for data removal and data export requests.
• (GDPR) Added a suggested privacy policy content block for the use of Ninja Forms.
• (GDPR) We've updated our Ninja Forms opt-in/opt-out behavior for anonymous usage statistics.
• (Developers) We've added a layout of our database structure to our public repository.

=

(22 May 2018) =

Bugs:

• Resolved a bug that was sometimes causing clicks to not register in the admin.

Changes:

• Individual fields can now be excluded from the store submission action.
• (GDPR) The delete data request action can now be added to a form, allowing your users to request deletion of their Ninja Forms submissions.
• (GDPR) The export data request action can now be added to a form, allowing your users to request a record of their Ninja Forms submissions.
• (GDPR) Added templates for data removal and data export requests.
• (GDPR) Added a suggested privacy policy content block for the use of Ninja Forms.
• (GDPR) We've updated our Ninja Forms opt-in/opt-out behavior for anonymous usage statistics.
• (Developers) We've added a layout of our database structure to our public repository.

=

(11 May 2018) =

Bugs:

• Resolved an issue that sometimes caused collect payment actions to fail.
• Date fields should now properly recognize date format for validation purposes.
• Resolved an issue that was sometimes causing date fields to always fail validation.
• Removed the random error text that sometimes appeared on form export.
• Resolved an issue that sometimes caused the contents of plain text emails to not display properly in the form builder.
• Date fields should no longer fail validation if their format is set to the default setting.

=

(10 May 2018) =

Bugs:

• Resolved an issue that sometimes caused collect payment actions to fail.
• Date fields should now properly recognize date format for validation purposes.
• Resolved an issue that was sometimes causing date fields to always fail validation.
• Removed the random error text that sometimes appeared on form export.
• Resolved an issue that sometimes caused the contents of plain text emails to not display properly in the form builder.

=

(8 May 2018) =

Bugs:

• Date fields should now properly recognize date format for validation purposes.
• Resolved an issue that sometimes caused collect payment actions to fail.
• Removed the random error text that sometimes appeared on form export.
• Resolved an issue that sometimes caused the contents of plain text emails to not display properly in the form builder.

=

(30 April 2018) =

Bugs:

• Resolved an issue that was causing an error in the console while using Safari.
• Fixed a bug that sometimes caused fields to not display properly when their labels contained non-ASCII characters.
• Resolved an issue that caused an error message to appear in the dashboard on older PHP versions.
• Hidden fields should no longer be hidden in the form builder.

Changes:

• New form templates are here!

=

(26 April 2018) =

Bugs:

• Resolved an issue that was causing an error in the console while using Safari.
• Fixed a bug that sometimes caused fields to not display properly when their labels contained non-ASCII characters.
• Resolved an issue that caused an error message to appear in the dashboard on older PHP versions.

Changes:

• New form templates are here!

=

(23 April 2018) =

Bugs:

• List field values will no longer disallow spaces as valid input.
• Options can now be properly added to duplicated list fields.
• Resolved an issue that caused the save table settings in the form builder to display no text in Firefox.
• Fixed a spacing issue for field labels set to be hidden in our opinionated styles.

Changes:

• List fields will now output labels instead of values in the {fields_table} and {all_fields_table} merge tags.

=

(04 August 2017) =

Bugs:

• Fixed a bug that caused form submissions to fail with an NF_ESO_PARSER error.
• The nf_sub_seq_num shortcode should now be properly converted when upgrading from 2.9.x to 3.0.
• bcc and cc fields in email actions should convert properly when upgrading from 2.9.x to 3.0.
• Clicking on icons and buttons in the builder should be much more consistent.
• Scrolling in the drawer should work properly when viewing the form builder on a mobile device.
• Fixed a bug that prevented the drawer from opening when editing a duplicated list field.

=

(25 April 2017) =

Security:

• Fixed a possible security export related to WP Sessions. Please update as soon as possible.

=

(6 September 2016) =

Changes:

• Release of Ninja Forms THREE

=

(30 August 2016) =

Bugs:

• [THREE Only] Fixed a bug with the add field event in the builder.
• [THREE Only] Fixed a bug with adding credit card fields in the builder.

=