Contact Form 7 5.3.2 has been released. This is an urgent security and maintenance release. We strongly encourage you to update to it immediately.
An unrestricted file upload vulnerability has been found in Contact Form 7 5.3.1 and older versions. Utilizing this vulnerability, a form submitter can bypass Contact Form 7’s filename sanitization, and upload a file which can be executed as a script file on the host server. This issue has been reported by Jinson Varghese Behanan from Astra Security.
Contact Form 7 5.3 is now available. The long-awaited contact form selector block for Block Editor has been introduced. You can now flexibly format a date using more natural expressions. The default contact form template has been improved again. As well as these, 5.3 adds a lot of refinements. Upgrading immediately is recommended.
Contact Form 7 5.2.1 is now available. This is a maintenance release that includes several improvements and bug fixes. Contact Form 7 5.2.1 is also the first release that has been tested with WordPress 5.5.
Flamingo 2.2 is now available. 2.2 has been tested with WordPress 5.5, which is going to be released in a few weeks. Integration with Contact Form 7 has been much improved. I recommend that you upgrade to 2.2 soon.
Contact Form 7 5.2 is now available. This is the first major update in 20 months and includes a lot of improvements and bug fixes. I recommend that you upgrade immediately.
Notice that Contact Form 7 5.2 requires WordPress 5.3 or greater to work. Since WordPress 5.3 requires PHP 5.6.20+ (WordPress recommends PHP 7.4+), Contact Form 7 5.2 cannot work in the PHP 5.2 to 5.5 environments.
