Release Notes

What's fixed

• Add auth to asset routes #13810 by @jasonvarga

• Fix markdown fieldtype error when theres no container #13809 by @jasonvarga

What's new

• Show collection tree in navigation page selector #13643 by @duncanmcclean
• Max width control for the CP (Expand/Constrain Layout) #13647 by @JayGeorge
• Permissions Check/Uncheck All buttons #13762 by @jackmcdade
• Ctrl+k to open bard link stack #13759 by @jasonvarga
• Time field enhancements #13799 by @jasonvarga
• Copy to clipboard improvements and fixes throughout the CP #13791 by @joshuablum
• Support Laravel Debugbar 4 #13781 by @duncanmcclean

What's fixed

• Fix asset selector padding #13737 by @duncanmcclean
• Fix adding sets stored in the legacy format #13743 by @duncanmcclean
• Nested bard fixed toolbars - remove sticky stacking approach #13750 by @JayGeorge
• Fix the z-index of the sticky markdown toolbar, plus position on mobile #13751 by @JayGeorge
• Improve focus on page load #13357 by @JayGeorge
• Only show site in search result badge when using multiple sites #13752 by @jasonvarga
• Fix asset index fieldtype slice length #13757 by @jasonvarga
• Fix TypeError with CarbonImmutable in Timezone Support #13760 by @ajnsn
• Hide the expand layout control when the content is small and it has no effect #13761 by @JayGeorge
• Hide "Collapsible" option for bard/replicator sets #13763 by @duncanmcclean
• Antlers Blade Components: Correct extra parenthesis in output #13765 by @JohnathonKoster
• Fix webauthn migration created by update script #13769 by @duncanmcclean
• Remove the inset style for relationship fields to make dark mode more consistent #13784 by @JayGeorge
• Fix Textarea component story missing an end tag #13787 by @joshuablum
• Fix Textarea component resize #13788 by @joshuablum
• Add missing tooltips import #13783 by @duncanmcclean
• Fix uploading assets via Markdown fieldtype #13782 by @duncanmcclean
• Avoid searching server results with fuzzysort #13792 by @duncanmcclean
• Clearing a required date field should set the date/time to now #13794 by @duncanmcclean
• Override z-index of DatePicker inside modals #13802 by @duncanmcclean
• Normalize collection listing mode preference #13798 by @jasonvarga
• Update itemActions state when switching localization #13804 by @duncanmcclean
• Avoid animation when loading Bard field with collapse: true #13805 by @duncanmcclean
• Disable Bard debouncing #13797 by @jasonvarga
• Fix login and passkeys #13807 by @jasonvarga
• French translations #13738 by @ebeauchamps

What's new

• Add duration column to asset browser #13331 by @daun
• Search instructions when searching sets #13727 by @duncanmcclean
• Add "mod+s" shortcut to save blueprint order #13729 by @heidkaemper
• Add "mod+s" shortcut to save collection order #13724 by @duncanmcclean

What's fixed

• Improve the text fieldtype icon and the number icons #13713 by @JayGeorge
• Fix error when searching assets via the Command Palette #13718 by @duncanmcclean
• Fix "Icons" code example for buttons in Storybook #13719 by @duncanmcclean
• Bump tar from 7.5.6 to 7.5.7 #13721 by @dependabot
• Fix Invalid ISO 8601 date time string error from Date Fieldtype #13701 by Copilot
• Fix missing Live Preview componentUpdated function #13733 by @o1y
• After creating the assets folder, it keeps the last folder name #13722 by @nopticon
• Floating toolbar pointer improvements #13712 by @JayGeorge
• Fix adding sets to replicators nested inside Grid/Group fields #13723 by @duncanmcclean
• Use ResolveValues to resolve values in EloquentQueryBuilder::pluck() #13726 by @duncanmcclean

Read First

Be sure to read the Upgrade Guide first as manual changes may be necessary. You can also read the Statamic 6 Launch Announcement blog post to learn about many of the new features in depth!

What's new

• A completely redesigned Control Panel
• UI Component library
• Control Panel themes
• Vue 3
• Inertia.js
• Tailwind 4
• Command Palette
• Elevated sessions
• Two-factor authentication
• Passkeys
• Antlers component tag syntax
• Smart view scaffolding
• Addon settings
• Better date and timezone support
• Replicator/Bard sets can have image previews
• Laravel Boost Guidelines
• Publish form overhaul
• Collapsible publish form sections
• Publish form site locale-aware text direction
• Background Static Cache re-caching
• Collection calendar view
• Live Preview hot-reload
• REST API Authentication
• Improved JS and addon workflow
• Vue Composition API support in Fieldtypes

What's changed

• Dropped support for Laravel 11 and PHP 8.2.
• There are a number of breaking changes. Consult the 6.0 upgrade guide.

What's fixed

• Harden remote URL validation #14645 by @jasonvarga

What's fixed

• Always show success when using forgot password form #14539 by @jasonvarga

What's fixed

• Harden query value resolution #14476 by @duncanmcclean
• Harden OrderBys #14474 by @duncanmcclean
• Remove negative assertions from TestCase #14458 by @duncanmcclean

What's fixed

• Add link tag to allowed Antlers tags #14438 by @edalzell
• Add @default support to Antlers content allowlists #14440 by @jasonvarga
• Fix Stache index re-entrancy causing null URIs on cold stache #14181 by @o1y
• Fix form submission types #14430 by @daun

What's fixed

• Harden OrderBys #14421 by @jasonvarga

What's fixed

• Fix term revisions error #14347 by @duncanmcclean

What's fixed

• Fix config through Antlers views #14328 by @jasonvarga
• Sanitize password reset form redirect value #14327 by @jasonvarga
• Restrict markdown preview endpoint #14326 by @jasonvarga
• Add authorization to revision routes #14301 by @duncanmcclean
• Add CSP header to svg route #14325 by @jasonvarga
• Relationship fieldtype authorization tweaks #14307 by @duncanmcclean
• Allow external redirects from Form::getSubmissionRedirect #14318 by @jasonvarga
• Handle more cases in external url detection #14312 by @jasonvarga
• Fix live preview token scope #14304 by @jasonvarga
• Fix PHP sanitization edge cases #14300 by @duncanmcclean

What's fixed

• Harden password reset #14296 by @jasonvarga
• Add additional URL::isExternalToApplication() tests #14288 by @duncanmcclean

What's fixed

• Prevent term creation via fieldtype without permission #14274 by @duncanmcclean
• Prevent path traversal in file dictionary #14272 by @duncanmcclean
• Sanitize SVGs on asset reupload #14270 by @jasonvarga

What's fixed

• Relationship endpoint authorization #14254 by @jasonvarga
• Fix ensure field has config #14195 by @marcorieser
• Removed a comment from the js code output of the StaticCacher #14233 by @micahhenshaw
• Acquire stache-warming lock in Duplicates::find #14176 by @mmodler