Release Notes

Read First

Be sure to read the Upgrade Guide first as manual changes may be necessary. You can also read the Statamic 6 Launch Announcement blog post to learn about many of the new features in depth!

What's new

• A completely redesigned Control Panel
• UI Component library
• Control Panel themes
• Vue 3
• Inertia.js
• Tailwind 4
• Command Palette
• Elevated sessions
• Two-factor authentication
• Passkeys
• Antlers component tag syntax
• Smart view scaffolding
• Addon settings
• Better date and timezone support
• Replicator/Bard sets can have image previews
• Laravel Boost Guidelines
• Publish form overhaul
• Collapsible publish form sections
• Publish form site locale-aware text direction
• Background Static Cache re-caching
• Collection calendar view
• Live Preview hot-reload
• REST API Authentication
• Improved JS and addon workflow
• Vue Composition API support in Fieldtypes

What's changed

• Dropped support for Laravel 11 and PHP 8.2.
• There are a number of breaking changes. Consult the 6.0 upgrade guide.

What's fixed

• Antlers config backwards compatibility #14146 by @jasonvarga
• Config parsing exclusion #14152 by @jasonvarga
• Fix Antlers parser state restoration #14151 by @jasonvarga
• Support Laravel Debugbar 4 #14142 by @jasonvarga
• Remove pdf css #14141 by @jasonvarga
• More Antlers defaults #14125 by @jasonvarga

This release contains a potentially breaking change for the sake of security.

What's fixed

• Antlers hardening (Breaking: See PR for upgrade notes) #14092 by @jasonvarga
• External Glide URL validation #14101 by @jasonvarga
• Harden redirects #14099 by @jasonvarga
• Harden auth redirects #14089 by @duncanmcclean
• Fix user fieldtype search #14084 by @duncanmcclean
• Fix user name and email logic #14079 by @jasonvarga
• Sanitize SVGs #14077 by @jasonvarga
• Fix CSRF token on pages excluded from static caching #14056 by @duncanmcclean
• Improve PDF Viewer #14045 by @duncanmcclean
• Throw UnableToReadFile for invalid images in ImageGenerator #14043 by @mmodler
• Antlers user content and config #14058 by @jasonvarga
• Block methods in Antlers by default #14059 by @jasonvarga

What's fixed

• Fixes shouldUpdateUris regex adding additional brackets to Antlers #13995 by @martyf
• Validate password reset url #14023 #14008 by @jasonvarga
• Harden html rendering #14006 by @jasonvarga

What's fixed

• Correct test namespaces to avoid PSR-4 warnings #13989 by @duncanmcclean
• Sanitize html in html fieldtype #13992 by @jasonvarga

What's fixed

• Avoid replacing nocache regions in initial full-measure response #13953 by @duncanmcclean
• Fix Icon fieldtype augment error when value is empty #13966 by @jhhazelaar
• Fix whereIn()/whereNotIn() error for booleans #13952 by @duncanmcclean

What's fixed

• Revert etags #13933 by @jasonvarga

What's fixed

• Fix after_save preference not persisting when default preferences override 'listing' #13879 by @el-schneider
• Asset auth fix #13883 by @duncanmcclean
• Account for custom fields when checking if entry URIs should be updated #13859 by @duncanmcclean

What's fixed

• Add auth to asset routes #13810 by @jasonvarga

What's fixed

• Handle 0 values in text fields and null string in slugs #13786 by @joshuablum
• Fix multi-site URL invalidation in ApplicationCacher #13793 by @joshuablum

What's fixed

• Avoid showing large number of assets in listing #13758 by @jasonvarga
• Abort 404 when asset is not found in AssetsController #13741 by @mynetx

What's fixed

• Revert AssetContainer::accessible() visibility change #13673 by @duncanmcclean
• Fix: Prevent 304 responses without client cache headers #13654 by @mynetx
• Fix uninitialized property error from HandleEntrySchedule job #13648 by @duncanmcclean
• Bump lodash from 4.17.21 to 4.17.23 #13628 by @dependabot
• Avoid updating Bard value unless content has actually changed #13645 by @duncanmcclean

What's fixed

• Revert config values in forms #13632 by @jasonvarga

What's new

• Allow config values to be used in forms #11403 by @FrittenKeeZ
• Allow closure in cascade content hydration #13580 by @marcorieser

What's fixed

• AssetContainer::accessible() should take filesystem visibility into account #13621 by @duncanmcclean
• Augment appended form config fields for Antlers #13111 by @marcorieser
• Fix error from DefaultInvalidator when creating a nav #13596 by @duncanmcclean
• Prevent redirect when creating term via fieldtype #13595 by @duncanmcclean
• Handle null value gracefully #13598 by @aerni
• Fix existing field validation with prefixed fieldset imports #13551 by @duncanmcclean

What's new

• Support query scopes in navigations #13509 by @el-schneider

What's fixed

• Generate etag after nocache replacements #13433 by @mmodler
• Support custom validation rules for asset containers #13459 by @duncanmcclean
• Fix filterWhere with arrays #13507 by @aerni
• Dutch translations #13532 by @laurenskr