Skip to content

cms

v5.73.24 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1d API Development
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

api-rest cms composer-package content-management-system flat-file-cms flatfile
+12 more
flatfilecms graphql headless jamstack laravel laravel-cms laravel-package php php8 ssg statamic vuejs

Summary

AI summary

Fixed CSV export formula escaping, hardened remote URL validation, and resolved Bard/Link Blink cache type collisions.

Changes in this release

Bugfix Medium

Fixes formula character escaping in CSV exports during form submission.

Fixes formula character escaping in CSV exports during form submission.

Source: llm_adapter@2026-06-02

Confidence: high
Bugfix Medium

Fixes cache type collision between Bard and Link Blink.

Fixes cache type collision between Bard and Link Blink.

Source: llm_adapter@2026-06-02

Confidence: high
Bugfix Medium

Hardens remote URL validation logic.

Hardens remote URL validation logic.

Source: llm_adapter@2026-06-02

Confidence: low
Full changelog

What's fixed

  • Escape formula characters in form submission CSV exports #14760 by @jasonvarga
  • Harden remote URL validation #14761 by @jasonvarga
  • Fix Bard/Link Blink cache type collision #14739 by @simonerd

Security Fixes

  • Harden remote URL validation — mitigates potential injection or malicious URL exploitation
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track cms

Get notified when new releases ship.

Sign up free

About cms

The core Laravel CMS Composer package

All releases →

Related context

Beta — feedback welcome: [email protected]