5.9.10

• slug columns referenced in element queries’ select, where, or orderBy expressions now explicitly resolve to elements_sites.slug. (#18416)
• Fixed a bug where the control panel requests could trigger an infinite browser redirect loop. (#18420)
• Fixed a bug where craft\helpers\App::parseBooleanEnv() wasn’t handling false values properly. (#18418)
• Fixed a bug where DECIMAL field values with 0 precision weren’t gettnig typecasted properly in element queries.

5.9.9

Warning

Relational condition rules’ element ID templates are now rendered in a sandboxed Twig environment, when enableTwigSandbox is enabled.

• Added craft\helpers\ElementHelper::cleanseQueryCriteria().
• Fixed an error that could occur when editing an element with a Table field. (#18408)
• Fixed an error that occurred when editing a Table field with no default rows. (#18407)
• Fixed a high-severity RCE vulnerability. (GHSA-fp5j-j7j4-mcxc)
• Fixed a high-severity SQL injection vulnerability. (GHSA-g7j6-fmwx-7vp8)

4.17.4

Warning

Relational condition rules’ element ID templates are now rendered in a sandboxed Twig environment, when enableTwigSandbox is enabled.

• The create() Twig function now allows craft\helpers\ classes to be created. (#18376)
• Added craft\helpers\ElementHelper::cleanseQueryCriteria().
• Fixed an error that could occur when editing an element with a Table field. (#18408)
• Fixed a high-severity RCE vulnerability. (GHSA-fp5j-j7j4-mcxc)

5.9.8

• Element edit pages no longer redirect to their referral URL on save. (#18404)
• Fixed a bug where the Entries index page could trigger an infinite browser redirect loop. (#18400)
• Fixed a styling issue with slideouts within Live Preview. (#18383)

5.9.7

• Nested entries’ edit screens now have a “Field settings” action menu item.
• GraphQL API requests no longer get cache response headers; only no-cache headers, and only if the request had a X-Craft-Gql-Cache: no-cache header, or if the request contained any mutations. (#18348)
• Legacy entry index URLs now redirect content/<page-name>.
• The create() Twig function now allows craft\helpers\ classes to be created. (#18376)
• yii\base\Event is now allowed in its entirety within sandboxed Twig environments.
• Added craft\helpers\ElementHelper::elementRevisionsUrl().
• Fixed a bug where Dashboard columns weren’t getting refreshed when the window was resized. (#18389)
• Fixed a bug where craft\web\View::renderSandboxedObjectTemplate() and renderSandboxedString() weren’t properly sandboxing templates rendered from the control panel.
• Fixed a bug where element queries with draftOf set to false were omitting canonical elements that were duplicated for an owner draft.
• Fixed a bug where newly-created nested elements were being fully duplicated to other drafts, rather than just their ownership data.
• Fixed a bug where ancestor elements’ breadcrumbs weren’t getting hyperlinked. (#18375)
• Fixed a bug where craft\models\Volume::getSubpath() could return / instead of an empty string, if the subpath was set to an environment variable set to an empty string. (#18379)
• Fixed a bug where it wasn’t possible to set assets’ alt text via GraphQL mutations. (#18381)
• Fixed a bug where dragging a field from a field layout designer’s “Add” HUD, and then dropping it back on itself, would result in the field getting selected in a hidden state. (#18382)
• Fixed a bug where custom entry index pages were getting included in the global nav, even if they only contained sources that weren’t available to the current user. (#18391)
• Fixed an error that occurred when creating a new element on multi-site installs, if its field layout contained any generated fields. (#18393)
• Fixed a bug where pressing Return on a textarea when bulk-editing elements would submit the changes.
• Fixed a bug where it wasn’t possible to save an entry with a pre-selected author that is no longer allowed to author entries for the section. (#18397)
• Fixed a bug where the “View all revisions” button wasn’t working for nested entries. (#18398)
• Fixed a low-severity XSS vulnerability. (GHSA-fvwq-45qv-xvhv)
• Fixed a low-severity information disclosure vulnerability. (GHSA-vg3j-hpm9-8v5v)

4.17.3

• GraphQL API requests no longer get cache response headers; only no-cache headers, and only if the request had a X-Craft-Gql-Cache: no-cache header, or if the request contained any mutations. (#18348)
• config/twig-sandbox.php can now include an allowedClasses array, with class names whose entire collection of properties and methods should be allowed in sandboxed Twig environments.
• craft\base\ElementInterface, craft\fields\data\ColorData, craft\fields\data\MultiOptionsFieldData, craft\fields\data\OptionData, and yii\base\Event are now allowed in their entirety within sandboxed Twig environments.
• Fixed a bug where Dashboard columns weren’t getting refreshed when the window was resized. (#18389)
• Fixed a bug where craft\web\View::renderSandboxedObjectTemplate() and renderSandboxedString() weren’t properly sandboxing templates rendered from the control panel.
• Fixed a low-severity XSS vulnerability. (GHSA-fvwq-45qv-xvhv)
• Fixed a low-severity information disclosure vulnerability. (GHSA-vg3j-hpm9-8v5v)

5.9.6

• It’s now possible to set elements’ Thumbnail Source to a field nested within a Content Block field. (#18365)
• Elements within embedded element indexes are now hyperlinked by default. (#17080)
• Added craft\db\mysql\Schema::getRowFormat().
• Added craft\db\mysql\Schema::setRowFormat().
• Added craft\fieldlayoutelements\BaseField::getThumbOptions().
• Added craft\helpers\Cp::cardThumbOptions().
• Added craft\models\FieldLayout::getThumbHtmlForElement().
• Added craft\models\FieldLayout::hasThumbField().
• Deprecated craft\models\FieldLayout::getThumbField(). hasThumbField() or getThumbHtmlForElement() should be used instead.
• Fixed a bug where nested entries within Matrix fields weren’t showing their UI labels if they didn’t have titles.
• Fixed a bug where assets weren’t getting hyperlinked on the Assets index page in thumbnail view.
• Fixed a bug where sections and volumes were getting included in entry/asset breadcrumb menus, even if their sources were disabled. (#18359)
• Fixed an error that could occur when updating to Craft 5.9, if the entrytypes table’s row format was set to COMPACT. (#18349)
• Fixed a bug where newly-selected elements weren’t being rendered correctly for relational fields set to the “Card grid” view mode. (#18362)
• Fixed a bug where card previews weren’t getting updated when a selected field was removed from the field layout.
• Fixed potential JavaScript errors that could occur if a disclosure menu’s trigger or target elements were missing. (#18358)
• Fixed a JavaScript error that occurred if a Matrix field’s label was hidden. (#18366)
• Fixed an infinite recursion bug. (#18363)

5.9.5

• Fixed a bug where nested elements could appear to be editable when their field was read-only.
• Fixed a bug where nested element changes weren’t being shown in cross-domain preview requests, if no changes had been made to the root entry yet. (#18337)
• Fixed a bug where Live Preview wasn’t upadting when making changes to nested elements via a Matrix field in Index view.
• Fixed a bug where Table fields with “Static Rows” enabled were losing their values when edited, if the field hadn’t been resaved since updating to Craft 5.9. (#18350)
• Fixed an unintentional breaking change when querying Link field data via GraphQL. (#18355)
• Fixed an error that occurred when saving the Customize Sources modal for non-entry element types. (#18347)
• Fixed a bug where links in section breadcrumb menus didn’t include the page slug. (#18352)
• Fixed a JavaScript warning that occurred after selecting an element in a relation field, if the Max Relations setting was reached. (#18358)
• Fixed a bug where a “Singles” breadcrumb was included on entry edit pages when the “Singles” source had been disabled within the Customize Sources modal. (#18359)

5.9.4

• Added craft\models\FieldLayout::getEditableCustomFieldElements().
• Fixed a bug where {% case %} tags with three or more values within {% switch %} tags weren’t working properly. (#18334)
• Fixed a bug where Matrix fields in Blocks view could lose their existing values when they became editable.
• Fixed a bug where Content Block fields and Matrix fields in Blocks view weren’t updating their nested fields’ editability states.
• Fixed an error that could occur when executing a GraphQL query with a Link field. (#18339)
• Fixed a bug where read-only custom fields could be treated as required. (#18342)

5.9.3

• Fixed a bug where multi-value {% case %} tags within {% switch %} tags weren’t working properly. (#18334)