Release v0.63.3

🤖 AI-Generated Changelog

Fixed

• Corrected side-by-side field alignment to render consistently regardless of uneven label heights

---

🔗 Full Changelog: v0.63.2...v0.63.3

Release v0.63.2

🤖 AI-Generated Changelog

Fixed

• Prevent duplicate or erroneous notifications for stage groups when the assigned_to field has already been resolved

---

🔗 Full Changelog: v0.63.1...v0.63.2

Release v0.63.1

🤖 AI-Generated Changelog

Fixed

• Corrected side-by-side field alignment when adjacent fields have uneven label heights, ensuring form fields remain visually aligned regardless of label length

---

🔗 Full Changelog: v0.63.0...v0.63.1

Release v0.63.0

🤖 AI-Generated Changelog

Added

• Hide comment field per stage: Workflow stages now support a hide_comment_field option, allowing administrators to suppress the comment input on approval forms for specific stages where comments are not needed.
• Phone field pattern validation: Phone input fields now include HTML5 pattern validation, providing immediate browser-side feedback. Accepted formats include country code prefixes (e.g., +1, +44).

Changed

• Improved form alignment: Consecutive third- and fourth-width fields in approval step forms are now grouped into a single row with consistent top alignment, resulting in a more polished form layout.

Fixed

• File uploads persist through validation failures: Uploaded files are now saved eagerly before validation runs, so attachments are no longer lost when a form submission fails validation.
• File uploads persist with draft submissions: Uploaded files are now retained when saving a form as a draft.
• Existing file metadata preserved on resubmit: When resubmitting a form without uploading a new file, the previously attached file metadata is carried forward automatically.

---

🔗 Full Changelog: v0.62.1...v0.63.0

Release v0.62.1

🤖 AI-Generated Changelog

Fixed

• Resolved duplicate entries appearing in stage groups
• Ensured final notifications are correctly sent for sub-workflows upon completion
• Fixed broken withdrawal notifications caused by a missing import that was silently ignored
• Prevented application crashes in notification rules when approver context variables were absent

---

🔗 Full Changelog: v0.61.2...v0.62.1

Release v0.61.2

🤖 AI-Generated Changelog

Fixed

• Resolved a crash in notification rules caused by a missing approver context variable

---

🔗 Full Changelog: v0.61.1...v0.61.2

Release v0.61.1

🤖 AI-Generated Changelog

Fixed

• Restored withdrawal notifications that were silently failing due to a broken import reference

---

🔗 Full Changelog: v0.61.0...v0.61.1

Release v0.61.0

🤖 AI-Generated Changelog

Added

• Added triggering stage option for workflows, allowing more precise control over when workflow stages are initiated
• Added workflow-scoped notification rules, enabling notifications to be configured at the workflow level for more granular alerting

Fixed

• Fixed PostgreSQL sequence reset after sync import to prevent IntegrityError when creating new records following a data import

Documentation

• Added comprehensive WordPress plugin guide covering installation, configuration, and usage of embeddable forms

---

🔗 Full Changelog: v0.60.0...v0.61.0

Release v0.60.0

🤖 AI-Generated Changelog

Added

• Embeddable Forms — Embed DFW forms on any external website via iframe:
  • dfw-embed.js loader script with responsive auto-resize via postMessage events (dfw:loaded, dfw:resize, dfw:submitted), configurable theme, accent color, and submit/load callbacks
  • Minimal embed layout (embed_base.html) with dedicated form and success templates, no navbar or footer
  • form_embed view with cross-origin CSRF support (SameSite=None; Secure), rate limiting for anonymous submissions, and full submission controls (close date, max submissions)
  • embed_enabled toggle on form definitions to opt forms into embedding
  • Admin embed code panel with three tabs — JS Embed, iframe Fallback, WordPress Shortcode — with copy-to-clipboard buttons
  • "Embeddable" checkbox in the form builder's Submission Controls section
  • Export/import and clone support for the embed_enabled setting
• WordPress Plugin (wordpress/dfw-forms/):
  • [dfw_form] shortcode with full attribute sanitization for embedding forms in posts and pages
  • Gutenberg block (apiVersion 3, no build step required) with live preview and sidebar controls
  • Settings page at Settings > DFW Forms with server URL configuration and "Test Connection" button
  • JS and iframe embed modes with WordPress.com compatibility notes

Fixed

• Resolved DOM-based XSS risk in workflow-builder.js by validating workflowId as an integer and using the URL() constructor instead of template literals (CodeQL #25)
• Removed user-supplied form slugs from server log messages in sync_api.py to prevent clear-text logging of sensitive identifiers (CodeQL #26–28)
• Stopped exposing internal ValidationError messages in JSON API responses in workflow_builder_views.py; errors are now logged server-side only (CodeQL #23)
• Sanitized accent_color query parameter in views.py using a hex color regex to prevent injection

Security

• Cross-origin embed requests protected by SameSite=None; Secure CSRF cookie scoping
• dfw-embed.js validates the data-server attribute as a valid http(s) URL before setting iframe.src, preventing open redirect via embed configuration

---

🔗 Full Changelog: v0.59.0...v0.60.0

Release v0.59.0

🤖 AI-Generated Changelog

Added

• Embeddable forms support, allowing forms to be embedded directly into external websites
• WordPress plugin for integrating forms into WordPress sites
• Embed code panel for easily generating and copying embed snippets
• Documentation for payments, shared option lists, and dependent workflows

Security

• Fixed 5 CodeQL security alerts to improve code safety and compliance

---

🔗 Full Changelog: v0.58.0...v0.59.0