Vulnerability in EPiServer.Forms
I've just upgraded our Forms package and I'm actually seeing that NO form classes are being applied. I noticed this when we were doing our testing for an upgrade of the nuget packages, so I isolated to just upgrade with the Episerver.Forms nuget package, and it looks like it's removed the class altogether... Not too sure if anyone else has experienced this?
Anyone able to provide some clarity around this at all?
What version did you upgrade from, and to?
Are you talking about CSS classes?
Hi there Thomas,
Apologies for the late response. We upgraded forms package from 4.25.0 to 4.29.0 using the nuget packages. I've taken a screenshot of the classes that I've noticed disappear. Unless these are custom properties that I've completely misunderstood that we've implemented... But I can't seem to see anywhere in our code base of reference.
If you can let us know any other details, that'd be great.
I just tested with a default Alloy Site.
Episerver Forms 4.25, submit button has the classes Form__Element FormExcludeDataRebind FormSubmitButton.
Episerver Forms 4.29, submit button has no classes.
I do not know why the classes have been removed.
Yeah, I'm not 100% sure on this either. Great that I'm not the only one seeing this issue after the update.
Could this be a bug and not intentionally meant to be implemented? Unless otherwise, would it be worth raising a bug for this do you know? Never experienced an issue so far with any upgrades.
It looks like the form is behaving as expected, so maybe the classes were removed intentionally. If you are unsure, you could:
No dramas on that, I did try and have a look too, didn't see anything mentioned either.
But I'll contact support and see if it is intended or not...
Appreciate the advice and feedback Tomas!
This issue should be obsoleted on Forms 4.29.1. Please check!