Release Notes
Stay up to date with the latest Statamic changes.
To see what's in development, check out the roadmap.
6.13.0 Security
April 13th, 2026
What's new
- Frontend Passkeys #14453 by @duncanmcclean
- Allow control over who can be impersonated in UserPolicy #14469 by @ryanmitchell
What's fixed
- Fix Bard arrow keys/undo #14467 by @jackmcdade
- Fix visible he-tree accessibility text in tree view #14465 by @duncanmcclean
- Append to Bard Entry links #11468 by @edalzell
- Disable broadcast provider when broadcasting driver is null #14471 by @jasonvarga
- Make the collapsible section icon smaller to fit in with the rest of UI #14478 by @jaygeorge
- Add
.npmrcfile #14477 by @duncanmcclean - Fix SVG sanitization tests #14483 by @duncanmcclean
- Use
cursor: pointerwhen selecting from asset grid #14487 by @joshuablum - Remove negative assertions from
TestCase#14458 by @duncanmcclean - Harden OrderBys #14474 by @duncanmcclean
- Harden query value resolution #14476 by @duncanmcclean
- French translations #14479 by @ebeauchamps
- Bump axios from 1.14.0 to 1.15.0 #14473 by @dependabot
6.12.0
April 8th, 2026
What's new
- Add support for filtering conditions in Assets Tag #13936 by @jackmcdade
What's fixed
- Add padding around 2FA QR code for dark mode scanning #14460 by @duncanmcclean
- Fix form submissions with non-UTF-8 data crashing the CP listing #14461 by @duncanmcclean
- Remove deprecated function calls #14457 by @justindantzer
- Upgrade to Vite 8 #14459 by @jasonvarga
- Nested fields should respect read-only state #14351 by @duncanmcclean
6.11.0
April 7th, 2026
What's new
- Add support for public properties to PathDataManager #11697 by @marcorieser
- Add ability to filter submission exports #14432 by @jasonvarga
- Add elevated session guards to AssignGroups and AssignRoles actions #14450 by @jasonvarga
What's fixed
- Fix Stache index re-entrancy causing null URIs on cold stache #14181 by @o1y
- Fix form submission types #14430 by @daun
- Support decimal values in Range fieldtype #13096 by @hastinbe
- Add
linktag to allowed Antlers tags #14438 by @edalzell - Add
@defaultsupport to Antlers content allowlists #14440 by @jasonvarga - Centralize SVG sanitization and sanitize CSS in style tags #14442 by @jasonvarga
- Fix serializable_classes issues #14443 by @jasonvarga
- Fix addon settings always showing as migratable #14444 by @duncanmcclean
- Fix creating passkeys with JSON session serialization #14448 by @duncanmcclean
- Stop auto-logging in users after password reset #14454 by @jasonvarga
- Fix sync/desync on localizable nested fields #14335 by @duncanmcclean
- French translations #14431 by @ebeauchamps
- Bump defu from 6.1.4 to 6.1.6 #14434 by @dependabot
- Bump vite from 7.1.12 to 7.3.2 #14441 by @dependabot
6.10.0
April 2nd, 2026
What's new
- Default values can be computed #14279 by @edalzell
- Ability to add to the filename replacements list #14316 by @edalzell
What's fixed
- Harden OrderBys #14421 by @jasonvarga
- Serialize nocache regions before storing in cache #14422 by @jasonvarga
- Fix invalid HTML
langattribute #14427 by @duncanmcclean - Add serializable classes to allowlist #14416 by @duncanmcclean
- Filter invalid UTF-8 locales from dictionary #14426 by @duncanmcclean
- Fallback to option key in listings when label is missing #14429 by @duncanmcclean
- Ensure moved/removed entries are statically invalidated #14386 by @ryanmitchell
- Catch axios errors in blueprint builder #14428 by @duncanmcclean
- Improve error handling when requiring starter kits #14411 by @duncanmcclean
- Ensure empty addon settings get default blueprint values #14384 by @ryanmitchell
- Bump lodash-es from 4.17.23 to 4.18.1 #14425 by @dependabot
6.9.0
April 1st, 2026
What's new
- Add a Text component #14247 by @jaygeorge
- Emit
asset.savedevent from asset editor #14392 by @duncanmcclean
What's fixed
- Fix collection whereStatus logic #14380 by @jackmcdade
- Implement whereStatus() on search query builder #14387 by @ryanmitchell
- Blueprint button order changes #14365 by @jaygeorge
- Fix address bar overlapping bottom of content (typically on iOS) #14399 by @jaygeorge
- Fix nested Bard toolbar focus issues #14396 by @jaygeorge
- Fix nav section border radius #14409 by @jaygeorge
- Fix conditional field borders #14407 by @thomasvantuycom
- Fix collection listing dates from wrapping #14415 by @jaygeorge
- Fix Parameters make method #14418 by @jasonvarga
- Prevent npm packages from executing malicious code via
postinstall#14417 by @duncanmcclean - French translations #14393 by @ebeauchamps
- Bump brace-expansion from 2.0.2 to 2.0.3 #14383 by @dependabot
6.8.0
March 27th, 2026
What's new
- GraphQL API Authentication #14292 by @duncanmcclean
- Ability to disable two-factor authentication #14263 by @duncanmcclean
- Ability to select the date formatting locale #14372 by @jasonvarga
- Number formatter #14373 by @jasonvarga
What's fixed
- Omit application name and URL from support:details #14359 by @jasonvarga
- Fix CP Nav active state when trailing slashes are enforced #14363 by @duncanmcclean
- Only change date for localizations with an explicit date set #14362 by @duncanmcclean
- Bring back responsive button groups #13336 by @daun
- Merge external class attrs through twMerge in UI components #14379 by @jasonvarga
- Reduce amount of data provided in Assets fieldtype meta #14366 by @duncanmcclean
- Filters can only be removed by clicking cross #14220 by @jaygeorge
- Bump reka-ui #14368 by @jasonvarga
- Bump picomatch from 2.3.1 to 2.3.2 #14360 by @dependabot
6.7.3
March 25th, 2026
What's fixed
- Fix header z-index when creating a new nav #14337 by @jaygeorge
- Remove fixed height from SVGs in UI labels to prevent flickering #14338 by @jaygeorge
- Correct the Bard full-screen width #14348 by @jaygeorge
- Fix duplicate translation for "Edit Fieldset" #14349 by @duncanmcclean
- Delete unused
momenttranslations #14354 by @duncanmcclean - Revert "Fix translator locale" #14358 by @jasonvarga
- French translations #14339 by @ebeauchamps
- German translations #14352 by @helloDanuk
6.7.2 Security
March 24th, 2026
What's fixed
- DatePicker dates can't be strings #14295 by @edalzell
- Fix updated widget badge alignment #14303 by @jackmcdade
- Fix PHP sanitization edge cases #14300 by @duncanmcclean
- Fix Replicator Drag & Drop when multiple fields share the same handle #14310 by @duncanmcclean
- Fix live preview token scope #14304 by @jasonvarga
- Handle more cases in external url detection #14315 by @jasonvarga
- Allow external redirects from Form::getSubmissionRedirect #14318 by @jasonvarga
- Fix closure validation rules with Files fieldtype #14319 by @duncanmcclean
- Relationship fieldtype authorization tweaks #14307 by @duncanmcclean
- Add CSP header to svg route #14325 by @jasonvarga
- Add authorization to revision routes #14301 by @duncanmcclean
- Restrict markdown preview endpoint #14326 by @jasonvarga
- Sanitize password reset form redirect value #14327 by @jasonvarga
- Fix config through Antlers views #14328 by @jasonvarga
- Long dropdowns should be scrollable #14333 by @duncanmcclean
- Fix set picker position #14332 by @duncanmcclean
- Fix various timezone issues #14322 by @duncanmcclean
- Fix translator locale #14323 by @jasonvarga
- Fix 2FA setup modal not re-opening #14309 by @duncanmcclean
- Fix logo z-index in Outside.vue #14299 by @SteveEdson
- Fix
translatorerror with Symfony Console 8 #14330 by @duncanmcclean - Don't autofocus on non-root fields with "title" or "alt" name #14329 by @hivokas
6.7.1 Security
March 18th, 2026
What's fixed
- Hide "Duplicate Set" when max sets limit has been reached #14275 by @duncanmcclean
- Fix missing top border in read-only Assets fields #14277 by @duncanmcclean
- Hide set bodies when there are no fields #14282 by @jackmcdade
- Fieldset editing improvements #14283 by @jackmcdade
- Harden
URL::isExternalToApplication()#14287 by @duncanmcclean - Prevent opening set picker when
max_setslimit has been reached #14290 by @duncanmcclean - Harden password reset #14294 by @jasonvarga
6.7.0 Security
March 17th, 2026
What's new
- Add
Asset::moveUnique()method #14236 by @lwekuiper
What's fixed
- Sanitize SVGs on reupload #14258 by @duncanmcclean
- Fix error saving preferences when
themetranslations exist #14266 by @duncanmcclean - Prevent logging git dependabot errors #14257 by @aerni
- Fix incorrect variable in return doc #14265 by @indykoning
- Fix error on
CreateFormcomponent in Storybook #14264 by @duncanmcclean - Allow using SVGs from
vendor/node_modulesdirectories #14261 by @duncanmcclean - Fix date formats #14256 by @jasonvarga
- Ensure images are refreshed properly after cropping #14260 by @duncanmcclean
- Handle validation rules on Files fieldtype #14262 by @duncanmcclean
- Make stacks smoother #14210 by @jaygeorge
- Fix TimePicker resetting to AM when typing #14259 by @duncanmcclean
- Rename to security #14276 by @jasonvarga
- Prevent path traversal in file dictionary #14272 by @duncanmcclean
- Prevent term creation via fieldtype without permission #14274 by @duncanmcclean
6.6.3
March 13th, 2026
What's fixed
- Alphabetically order listing/publish container context lists & document
isDirty()#14245 by @duncanmcclean - Relationship endpoint authorization #14254 by @jasonvarga
- Replicator fieldtype endpoint hardening #14255 by @jasonvarga
- Show "Drop to Upload" on top when dragging file onto Asset field #14250 by @duncanmcclean
- Avoid globe cursor when dragging & dropping Bard sets #14248 by @duncanmcclean
6.6.2 Security
March 12th, 2026
What's fixed
- Fix color mode preference values #14242 by @jasonvarga
- Add
outsideclass to outside layout #14240 by @duncanmcclean - Only remove Bard set when backspace key is hit #14189 by @duncanmcclean
- Removed a comment from the js code output of the StaticCacher #14233 by @micahhenshaw
- French translations #14243 by @ebeauchamps
6.6.1
March 12th, 2026
What's fixed
- Add "Content Search" string to translator's
$additionalStringsarray #14226 by @duncanmcclean - Make image manipulation presets more readable #14230 by @jaygeorge
- Fix undefined variable in Bard fieldtype #14238 by @duncanmcclean
- French translations #14232 by @ebeauchamps
- Bump tar from 7.5.10 to 7.5.11 #14231 by @dependabot
6.6.0
March 11th, 2026
What's new
- Image transparency checkerboard #13975 by @jaygeorge
- Support reference updates for custom fieldtypes and working copies #13693 by @morhi
- Asset listing filters #14025 by @daun
- Ability to save/reset changes to filter presets #13956 by @duncanmcclean
What's fixed
- Improve tables in Bard fields, particularly dark mode #14158 by @jaygeorge
- Add
MiddleEllipsiscomponent to Storybook #14215 by @duncanmcclean - Update ip_address protector to use request()->ips() #14063 by @gavynd6
- Fix $isNew detection after Asset::move() #14140 by @lwekuiper
- Avoid escaping dictionary fieldtype labels #13845 by @duncanmcclean
- Force full width on asset grid to account for smaller SVGs #14164 by @jaygeorge
- Avoid opening Command Palette when Bard field is focused & text is selected #14019 by @duncanmcclean
- Asset cropper fixes #14173 by @jaygeorge
- External URLs in the nav should render as anchor tags #14174 by @duncanmcclean
- Cancel inflight requests #14178 by @macaws
- Performance: Reduce duplicate cache reads on nav #14179 by @macaws
- Performance: memoize outpost #14180 by @macaws
- Memoize marketplace cache #14182 by @macaws
- Fix outline focus briefly showing as the stack comes in #14187 by @jaygeorge
- Use amber for update badges #14175 by @duncanmcclean
- Fix copy to clipboard input in light mode #14186 by @duncanmcclean
- Handle stop words case insensitive #14201 by @marcorieser
- Critical updates visibility #14202 by @jasonvarga
- Tiny border-radius fix from the checkerboard PR by @jaygeorge
- Collapse the assets fieldtype to its mobile layout at a higher breakpoint #14212 by @jaygeorge
- Fix expanding Bard sets in localized entries #14214 by @duncanmcclean
- Handle CarbonInterval instances in Localize middleware #14209 by @duncanmcclean
- Handle cancelled requests when generating slugs #14211 by @duncanmcclean
- Allow dev stability for local starter kit installations #14208 by @marcorieser
- Refresh CodeMirror instance when switching tabs #14199 by @duncanmcclean
- Update bulk action selections when individual row is deleted #14196 by @duncanmcclean
- Add skeleton ui to lazy loaded actions #14217 by @jaygeorge
- Various drag & drop fixes #14219 by @duncanmcclean
- Avoid sanitizing
targetattribute inmarkdown()helper #14221 by @duncanmcclean - Fix create entry translations #14223 by @duncanmcclean
- Acquire stache-warming lock in Duplicates::find #14176 by @mmodler
- French translations #14163 by @dadaxr
- German translations #14165 by @helloDanuk
- French translations #14166 by @ebeauchamps
- Bump minimatch and dompurify #14161 by @jasonvarga
- Bump svgo from 3.3.2 to 3.3.3 #14153 by @dependabot
- Bump tar from 7.5.9 to 7.5.10 #14156 by @dependabot
6.5.0
March 4th, 2026
What's new
- Add configuring callback functionality to statamic.js #13811 by @maurice-ellis
- Add
min,max,sumandavgmethods to Stache query builder #13894 by @duncanmcclean - Laravel 13 #13870 by @duncanmcclean
- Image cropping #13875 by @jackmcdade
- Add option to show widget table headers #14128 by @jackmcdade
- Clean Asset Meta Command #13934 by @jackmcdade
What's fixed
- Ignore toolbar shortcuts while inside menus #14111 by @daun
- Revert floating toolbar buttons inadvertently affected by 14036 #14118 by @jaygeorge
- When sets are expanded, add isolation to force a new stacking context #14121 by @jaygeorge
- Remove z-index from replicator #14108 by @jaygeorge
- Don't force an SVG aspect ratio in the asset preview thumbnails #14107 by @jaygeorge
- Fix replicator preview text merging during reorder #14072 by @dannyuk1982
- Show asset editor toolbar in more situations #14127 by @jasonvarga
- Fix query scopes in asset fieldtype #14091 by @duncanmcclean
- Minor adjustment to label margin #14139 by @jaygeorge
- Fix pjpg format being used as file extension in AssetUploader #14134 by @lwekuiper
- Updates section tweaks #14129 by @duncanmcclean
- Fix addon settings permissions #14130 by @duncanmcclean
- Apply existing container width breakpoints #13910 by @daun
- Prevent dropping nav item with children into root position #13861 by @duncanmcclean
- Antlers config backwards compatibility #14146 by @jasonvarga
- Config parsing exclusion #14152 by @jasonvarga
- Fix Antlers parser state restoration #14151 by @jasonvarga
- Remove pdf css #14141 by @jasonvarga
- More Antlers defaults #14125 by @jasonvarga
- Dutch translations #14149 by @JasperWelsing
- Dutch translations #14143 by @lwekuiper
- French translations #14113 by @dadaxr
- Bump storybook from 10.2.0 to 10.2.10 #14112 by @dependabot
- Bump rollup from 4.44.1 to 4.59.0 #14106 by @dependabot