Caldera Forms 1.5.5 Bug Fix and Security Release

Catdera Caldera Forms Banner

Caldera Forms 1.5.5 has been released. It includes a security fix to prevent an XSS vulnerability reported responsibly by Will Brand. The details will be included in a CVE on WPVulnDB. While this is not a severe security issue and would be very difficult to exploit, we recommend all users update immediately.

This update also fixes a few important bugs:

  • Star fields set to be required could be submitted with no value in some browsers, including Firefox. Validation of these fields has been improved.
  • Some field configurations led to 502 errors on WPEngine when the object cache was used. Field sync objects are no longer cached in the WordPress object cache.
  • The email settings screen was not showing. It works again.
  • The¬†caldera_forms_pre_load_processors action ran twice. The second use is now renamed to¬†caldera_forms_post_load_processors.
  • An edge-case causing false positives in the honey pot anti-spam in very rare scenarios caused false positives. A fix to prevent this issue is in place.