This release adds 3 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+12 more
ReleasePort's take
Light signalStatamic CMS v6.19.0 includes a security fix for request poisoning in Site::absoluteUrl via `/index.php` requests, alongside six UI/stability bugfixes and four feature additions. Review the security impact for multi-site deployments before rolling out.
Why it matters: Request poisoning in Site::absoluteUrl can corrupt URL generation in multi-site installations. Deploy this patch in dev first to verify no custom URL handling is affected; prioritize if you serve multiple sites.
Summary
AI summaryFix date time overflow handling.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium |
Fix `/index.php` request poisoning `Site::absoluteUrl` Fix `/index.php` request poisoning `Site::absoluteUrl` Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Feature | Medium |
Show crop dimensions in the crop editor Show crop dimensions in the crop editor Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Feature | Medium |
Add configurable `@blueprint` template base path Add configurable `@blueprint` template base path Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Feature | Medium |
Add Blade field templates for `statamic-forms` publish command Add Blade field templates for `statamic-forms` publish command Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Feature | Medium |
Don't show Visit URL for terms that aren't routable Don't show Visit URL for terms that aren't routable Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Bugfix | Medium |
Fix layout shift in Entries Fieldtype mode switcher Fix layout shift in Entries Fieldtype mode switcher Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Fix `nav:breadcrumbs` for multi-site Fix `nav:breadcrumbs` for multi-site Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Fix date time overflow Fix date time overflow Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Cap CP `perPage` query parameter to configured ceiling Cap CP `perPage` query parameter to configured ceiling Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Remove `overscroll-behavior-x: contain` on panels Remove `overscroll-behavior-x: contain` on panels Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Bugfix | Medium |
Fix scrollbars showing all the time on the calendar view Fix scrollbars showing all the time on the calendar view Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Bugfix | Medium |
Fix grid header overlapping nav Fix grid header overlapping nav Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Refactor | Medium |
Collapse equal range endpoints in NumberFormatter Collapse equal range endpoints in NumberFormatter Source: llm_adapter@2026-05-21 Confidence: high |
— |
Full changelog
What's new
- Show crop dimensions in the crop editor #14654 by @jasonvarga
- Add configurable
@blueprinttemplate base path #11632 by @o1y - Add Blade field templates for
statamic-formspublish command #14639 by @martyf
What's fixed
- Fix layout shift in Entries Fieldtype mode switcher #14646 by @jackmcdade
- Fix
/index.phprequest poisoningSite::absoluteUrl#14647 by @jasonvarga - Remove
overscroll-behavior-x: containon panels #14642 by @jaygeorge - Fix
nav:breadcrumbsfor multi-site #13789 by @nopticon - Fix date time overflow #14652 by @jaygeorge
- Fix scrollbars showing all the time on the calendar view #14653 by @jaygeorge
- Fix grid header overlapping nav #14640 by @wiktorm12
- Collapse equal range endpoints in NumberFormatter #14657 by @jasonvarga
- Don't show Visit URL for terms that aren't routable #14658 by @edalzell
- Cap CP
perPagequery parameter to configured ceiling #14668 by @jasonvarga
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Beta — feedback welcome: [email protected]