Version 1.1.0
July 3, 2026
Added
- Frontend validation and UI messages now follow the current site's language, with translated defaults shipped in English, French, German, Spanish, Italian, and Dutch. Per-field custom messages still take precedence.
- Per-site submission export: the export modal has a Sites checkbox group (All/None) with a live per-site subtotal, so you can export every site or just a subset. The Submissions list also gains a site filter on multi-site installs.
- Multi-page forms: pressing Enter advances to the next step instead of submitting early, and a server-side error reveals the page holding the first invalid field.
- reCAPTCHA v3: a Branding setting that hides Google's floating badge and shows the required inline disclosure notice near the submit button (default, always visible and Terms-compliant), or keeps Google's floating badge.
- reCAPTCHA v3: a per-form score threshold override that falls back to the global default when left blank.
- reCAPTCHA v3: the verification score is now logged and stored on each submission, shown as CAPTCHA Score in the control panel.
- A per-form Reject submission on CAPTCHA failure toggle.
- Submissions now record and display a Spam Reason (honeypot, blocked email domain, blocked keyword, or CAPTCHA), shown on the submission detail and available as an optional column in submission exports.
- Translations for all new control-panel strings across German, Dutch, French, Spanish, and Italian.
- Notification email events —
EVENT_BEFORE_SEND_NOTIFICATION(cancelable, mutate message/recipients) andEVENT_AFTER_SEND_NOTIFICATION. - The notification subject is now translatable per site, with the default subject as a fallback.
- Date, time and date-and-time field values are shown in the relevant site locale — always in notification emails, and in CSV export via an opt-in Localize dates toggle.
- CSV export: a File columns choice renders uploaded-file fields as their full path (default), file name, or Craft asset id.
Changed
- A failed CAPTCHA is now filed silently as spam by default — consistent with honeypot and blocked-keyword handling — instead of hard-rejecting with an error. Enable the per-form Reject submission on CAPTCHA failure toggle for the previous behavior.
- Every CAPTCHA outcome is now written to
easy-form.log; previously only score-based blocks were logged, so missing/invalid-token failures were silent. - Spam submissions no longer trigger email notifications or webhooks — a flagged
submission never emails admins or a dynamic
{email}recipient. - Manually re-sending a notification now requires the Edit submissions permission; saving plugin settings requires an admin account.
- Expanded the blocked upload-extension list (php8, phps, xhtml, mhtml, swf, and more), and CSV exports now include a UTF-8 BOM so Excel reads accented and non-Latin characters correctly.
- Notifications fall back to the system mail settings when no sender is set, and an invalid or unresolved-placeholder Reply-To is skipped rather than failing the send.
- reCAPTCHA v3 now verifies the token's action as an anti-replay measure, and unique-value checks work on PostgreSQL as well as MySQL.
- Notification send failures now log exactly where they broke — the step and, for a value problem, the specific field.
- File-field values export as a comma-separated list of files rather than raw JSON.
- Conditional-sending rules are kept when a notification is left on "Always send" (previously they were dropped on save), the rule "field handle" input suggests the form's fields, and Enter inside a notification input no longer saves the page.
Version 1.0.0
June 25, 2026
First public release.
Added
- Frontend form rendering with the
easyForm('handle')Twig function, including per-form behavior toggles (submit/prev/next button text & classes, redirect URL, success-message persistence, and the option to disable frontend validation). - Visual Control Panel form builder with fields, rows, and multi-page forms.
- Structural per-site localization: fields, rows, and pages, plus per-site labels, option values, and default values.
- Conditional field visibility (show/hide logic with
equals,isEmpty,isNotEmpty, and related operators). - Presentational fields (headings and info/warning messages) that render but are trimmed from stored submissions and exports.
- Custom markup support via
easyFormLayout('handle')for fully hand-rolled templates. - A frontend field allowlist with both server-side and client-side validation and translated validation messages.
- File uploads to an asset volume or the filesystem, with extension allow/block lists, size limits, and sanitized on-disk filenames.
- Spam protection: honeypot, pluggable CAPTCHA providers, and per-form rate limiting.
- Email notifications with an interactive content editor, per-site content, field tokens, markdown, and per-site enable toggles.
- Outgoing webhooks with SSRF protection (private/reserved/loopback addresses blocked).
- CSV submission exports that mirror the Control Panel view and neutralize formula injection.
- Submission storage with privacy & retention controls and automatic cleanup of uploaded files on submission delete, plugin delete, and uninstall.
- Server-side events for transforming, injecting, inspecting, or cancelling submissions, plus form save/delete events for cache invalidation.
- Frontend JavaScript events & hooks.
- Debug logging routed to a dedicated
easy-form.logfile. - Console commands, including
forms/resaveand dev seeders.