Caldera Forms 1.6 Is Here!

Catdera Caldera Forms Banner


Posted On:

Today we are happy to announce the release of Caldera Forms 1.6. This release brings several features that have been requested by our users, and sets us up to bring more in demand features to Caldera Forms in future releases.

Caldera Forms 1.6 introduces Caldera Forms Pro enhanced anti-spam,

Important: This update includes fixes for minor security issues. While these are relatively minor issues, which we have no evidence have ever been exploited, we do recommend updating immediately. If you can not update immediately please read the security release notes to find out if you should be concerned and, if so, what to do.

What’s Changed In Caldera Forms 1.6

Improved Anti-Spam

Caldera Forms settings for advanced anti-spamOne of the reasons we launched Caldera Forms Pro is we didn’t want to educate users about transactional email systems, DNS records, and all the other complicated parts of ensuring form emails are sent. Instead, we took what we had learned and put it in one easy to use package. When our strategy needs to change — for example when we expanded the number of IP addresses we use earlier this month — everyone using Caldera Forms Pro benefits from the improvement, without having to do anything or update their site.

When we surveyed our users earlier this year, we asked what we could do better and we got two very clear responses: better documentation and better anti-spam. We redesigned our documentation search earlier this year and are currently rewriting our most visited documentation and recording all new videos.

But, we’re also worried about increased reports about spam. We decided to take the same approach we took to email delivery with anti-spam. Like with email deliverability, best practices to avoid spam are constantly changing. What worked last year doesn’t always work today, and what works today, might not work next year.

Caldera Forms Pro anti-spam is very simple to set up. Just check the “Advanced” option in the new Anti-Spam tab. Then tell Caldera Forms which field has the form message and which has the sender’s name. Caldera Forms Pro takes care of the rest.

Advanced Anti-Spam Protection With Caldera Forms Pro

More Flexible Auto-Responders

Another request we’ve gotten is for support for adding a BCC to auto-responders. We’ve also heard from several users that they would like to have multiple CCs and BCCs on auto-responders.

Both are possible with Caldera Forms 1.6. This also allows for multiple conditional recipients.

Multiple Defaults For Checkboxes

In our Facebook group, we recently had a question about using the caldera_forms_render_get_field filter to set multiple defaults for a checkbox field. That was not possible with the current version of Caldera Forms. A Caldera Forms user, Diego de Oliveira, volunteered to make this possible and submitted a pull request that is now a part of Caldera Forms 1.6.

There is an example of how to use this new feature in the documentation for that filter. We are continuing to collaborate with Diego on an improved interface for configuring field options, which will provide a UI for this feature in a future release.

We are always happy to accept a pull request from the community.

Security Fixes

Caldera Forms 1.6.0 includes fixes for three minor security issues that create stored XSS vulnerabilities, they were discovered by Federico Scalco. We would like to thank Fedrico for finding these bugs and responsibly disclosing them. His work is making our plugin better and our users safer.

All three issues are “stored XSS vulnerabilities” which, in less technical terms, means that Fedrico found three ways to use Caldera Forms to store JavaScript that would be run later, possibly for malicious reasons. For more details on how to know if your site, that can not yet update to Caldera Forms 1.6, may be vulnerable and what to do to protect your site, besides updating, see the release notes.

In order to ensure that this fix does prevent these potential XSS vulnerabilities, and also that we do not re-introduce the vulnerability, we have created new automated tests. These tests, which are in a private git repository, will be run on future releases and we will add additional security checks in the future.

Other Bug Fixes

For a full list of bug fixes, please see the release notes. This update includes important fixes for mutli-page forms and file uploads.

Platform Changes

Legacy PHP Version Support Deprecated

As we announced last week Caldera Forms 1.6, will work with any version of PHP, but will alert you if your version of PHP is not supported by the PHP project anymore. If your site is running on PHP 5.6 or later, the oldest version of PHP that gets security updates from the PHP project, then nothing will change.

If you are using PHP 5.5 or an older, a warning will replace the buttons in the main admin page for Caldera Forms. Your forms will still work fine.


In Caldera Forms 1.6, we have integrated Freemius Insights. All users will be asked once if they would like to voluntarily opt in to basic usage tracking. This is entirely optional. If you do not want to participate, simply decline. By opting in, you will share your email, and some basic information about the WordPress configuration.

Our immediate goal is to better understand our users a little bit better to help focus our support and testing efforts. For example, we currently run our automated tests without any other plugins active. We would like to start running those tests with the plugins most likely to be active on a site with Caldera Forms. This would help us catch conflicts with other plugins or themes, before we finish developing an update. We currently don’t know what those plugins are, this will help us find out.

For complete details about what is tracked by Freemius, click here.

What’s Next?

That’s what’s new in Caldera Forms 1.6, which is available today. We’d like to provide a brief update on what’s next.

Our next priority, which will be the focus of Caldera Forms 1.7 will be tools to ensure sites powered by Caldera Forms are able to follow new EU data privacy laws to be GPDR compliant. We will provide tools for you to respond to requests for all form data submitted by a specific user, and to delete that data. These tools will require activation by the site admin. In addition, we will add support for automatically deleting entries older than a certain date.

Caldera Forms 1.7 will be released in May. In order to create those features, we will have to make it easier to query entries by a field’s value — for example the email address field. That is a feature that has been requested many times by users who are looking to develop applications that use Caldera Forms entry data. In addition, it will help us improve the entry viewer.

One thought on “Caldera Forms 1.6 Is Here!”

Leave a Reply

Your email address will not be published. Required fields are marked *