Bump Umbraco.Cms.DevelopmentMode.Backoffice from 17.3.4 to 17.4.0#176
Merged
alexsee merged 1 commit intoMay 21, 2026
Conversation
dependabot
Bot
added
.NET
Owner
|
@dependabot rebase |
--- updated-dependencies: - dependency-name: Umbraco.Cms.DevelopmentMode.Backoffice dependency-version: 17.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/nuget/UmbracoContainer/Umbraco.Cms.DevelopmentMode.Backoffice-17.4.0
branch
from
98963c5 to
ca5ce9b
Compare
alexsee
deleted the
dependabot/nuget/UmbracoContainer/Umbraco.Cms.DevelopmentMode.Backoffice-17.4.0
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updated Umbraco.Cms.DevelopmentMode.Backoffice from 17.3.4 to 17.4.0.
Release notes
Sourced from Umbraco.Cms.DevelopmentMode.Backoffice's releases.
17.4.0
Upgrade Notes
Be aware of a change to behaviour for detecting the Umbraco application URL. Previously,
ApplicationMainUrlwas automatically set from the Host header of incoming HTTP requests. In environments where Umbraco is not behind a reverse proxy that validates the Host header, this could allow a forged Host header to overwrite the URL used in password reset links, user invitations, and other email notifications. While this is normally mitigated by proper hosting configuration and settingUmbracoApplicationUrlexplicitly, we felt that the auto-detection behaviour should be hardened up and become an opt-in rather than the default. You can read more about this under "Breaking Changes" below, the linked PR and the documentation.There are a few updates related to performance in this release that are worth investigating for larger sites. Using output cache in your projects, with intelligent and customisable detection of page invalidation, is now a configuration option for templated websites, with extension points also applied for the Delivery API. We have optimised content cache rebuild after schema updates, with an option for deferred rebuild in the background. If considering a project with significant expected concurrency for member login and registration, and you prefer to use an external service for member management, the new option for lightweight external members will be worth reviewing.
If working with AI tools such as Umbraco MCP, additions to management API endpoints that expose JSON schema for data types and allow for patch updates of specific properties, should improve accuracy and reliability.
As usual please find the full list of PRs that have contributed to Umbraco 17.4 as follows.
What's Changed Since 17.4.0-rc3
Full Changelog: umbraco/Umbraco-CMS@release-17.4.0-rc3...release-17.4.0
What's Changed Since 17.4.0-r2
📦 Dependencies
🔒 Security
localize.htmlString()helper to prevent XSS in HTML-rendered translations by @iOvergaard in Backoffice: Add localize.htmlString() helper to prevent XSS in HTML-rendered translations umbraco/Umbraco-CMS#22731🐛 Bug Fixes
Fallback.ToAncestorswith no match throwing exception at property level (closes #22759) umbraco/Umbraco-CMS#22763Full Changelog: umbraco/Umbraco-CMS@release-17.4.0-rc2...release-17.4.0-rc3
What's Changed Since 17.4.0-rc
🐛 Bug Fixes
Full Changelog: umbraco/Umbraco-CMS@release-17.4.0-rc...release-17.4.0-rc2
What's Changed Since the Previous Version (17.3.5)
🙌 Notable Changes
... (truncated)
17.4.0-rc3
Upgrade Notes
Be aware of a change to behaviour for detecting the Umbraco application URL. Previously,
ApplicationMainUrlwas automatically set from the Host header of incoming HTTP requests. In environments where Umbraco is not behind a reverse proxy that validates the Host header, this could allow a forged Host header to overwrite the URL used in password reset links, user invitations, and other email notifications. While this is normally mitigated by proper hosting configuration and settingUmbracoApplicationUrlexplicitly, we felt that the auto-detection behaviour should be hardened up and become an opt-in rather than the default. You can read more about this under "Breaking Changes" below, the linked PR and the documentation.There are a few updates related to performance in this release that are worth investigating for larger sites. Using output cache in your projects, with intelligent and customisable detection of page invalidation, is now a configuration option for templated websites, with extension points also applied for the Delivery API. We have optimised content cache rebuild after schema updates, with an option for deferred rebuild in the background. If considering a project with significant expected concurrency for member login and registration, and you prefer to use an external service for member management, the new option for lightweight external members will be worth reviewing.
If working with AI tools such as Umbraco MCP, additions to management API endpoints that expose JSON schema for data types and allow for patch updates of specific properties, should improve accuracy and reliability.
As usual please find the full list of PRs that have contributed to Umbraco 17.4 as follows.
What's Changed Since 17.4.0-r2
📦 Dependencies
🔒 Security
localize.htmlString()helper to prevent XSS in HTML-rendered translations by @iOvergaard in Backoffice: Add localize.htmlString() helper to prevent XSS in HTML-rendered translations umbraco/Umbraco-CMS#22731🐛 Bug Fixes
Fallback.ToAncestorswith no match throwing exception at property level (closes #22759) umbraco/Umbraco-CMS#22763Full Changelog: umbraco/Umbraco-CMS@release-17.4.0-rc2...release-17.4.0-rc3
What's Changed Since 17.4.0-rc
🐛 Bug Fixes
Full Changelog: umbraco/Umbraco-CMS@release-17.4.0-rc...release-17.4.0-rc2
What's Changed Since the Previous Version (17.3.5)
🙌 Notable Changes
... (truncated)
17.4.0-rc2
Upgrade Notes
Be aware of a change to behaviour for detecting the Umbraco application URL. Previously,
ApplicationMainUrlwas automatically set from the Host header of incoming HTTP requests. In environments where Umbraco is not behind a reverse proxy that validates the Host header, this could allow a forged Host header to overwrite the URL used in password reset links, user invitations, and other email notifications. While this is normally mitigated by proper hosting configuration and settingUmbracoApplicationUrlexplicitly, we felt that the auto-detection behaviour should be hardened up and become an opt-in rather than the default. You can read more about this under "Breaking Changes" below, the linked PR and the documentation.There are a few updates related to performance in this release that are worth investigating for larger sites. Using output cache in your projects, with intelligent and customisable detection of page invalidation, is now a configuration option for templated websites, with extension points also applied for the Delivery API. We have optimised content cache rebuild after schema updates, with an option for deferred rebuild in the background. If considering a project with significant expected concurrency for member login and registration, and you prefer to use an external service for member management, the new option for lightweight external members will be worth reviewing.
If working with AI tools such as Umbraco MCP, additions to management API endpoints that expose JSON schema for data types and allow for patch updates of specific properties, should improve accuracy and reliability.
As usual please find the full list of PRs that have contributed to Umbraco 17.4 as follows.
What's Changed Since 17.4.0-rc
🐛 Bug Fixes
Full Changelog: umbraco/Umbraco-CMS@release-17.4.0-rc...release-17.4.0-rc2
What's Changed Since the Previous Version (17.3.5)
🙌 Notable Changes
💥 Breaking Changes
ApplicationUrlDetectionsetting to control application URL auto-detection by @AndyButland in Application URL: AddApplicationUrlDetectionsetting to control application URL auto-detection umbraco/Umbraco-CMS#22307📦 Dependencies
System.Security.Cryptography.Xmlto resolve vulnerability warning by @AndyButland in Dependencies: PinSystem.Security.Cryptography.Xmlto resolve vulnerability warning umbraco/Umbraco-CMS#22514🚤 Performance
FullDataSetRepositoryCachePolicyusage across all repositories by @AndyButland in Performance: OptimizeFullDataSetRepositoryCachePolicyusage across all repositories umbraco/Umbraco-CMS#22264ContentTypeRepositorydeep-clone on cache reads (closes #22250) by @AndyButland in Performance: OptimizeContentTypeRepositorydeep-clone on cache reads (closes #22250) umbraco/Umbraco-CMS#22263GeneratedRegexinstead of generating at runtime in string extensions by @Henr1k80 in Performance: UseGeneratedRegexinstead of generating at runtime in string extensions umbraco/Umbraco-CMS#22534_publishedContentCachehas a cached version inMediaCacheServiceby @Henr1k80 in Performance: Avoid allocating a string if_publishedContentCachehas a cached version inMediaCacheServiceumbraco/Umbraco-CMS#22535UdiParser(eliminate closure, fix naming & formatting of exceptions) by @Henr1k80 in Performance: Micro-optimisation inUdiParser(eliminate closure, fix naming & formatting of exceptions) umbraco/Umbraco-CMS#22506... (truncated)
17.4.0-rc
Upgrade Notes
Be aware of a change to behaviour for detecting the Umbraco application URL. Previously,
ApplicationMainUrlwas automatically set from the Host header of incoming HTTP requests. In environments where Umbraco is not behind a reverse proxy that validates the Host header, this could allow a forged Host header to overwrite the URL used in password reset links, user invitations, and other email notifications. While this is normally mitigated by proper hosting configuration and settingUmbracoApplicationUrlexplicitly, we felt that the auto-detection behaviour should be hardened up and become an opt-in rather than the default. You can read more about this under "Breaking Changes" below, the linked PR and the documentation.There are a few updates related to performance in this release that are worth investigating for larger sites. Using output cache in your projects, with intelligent and customisable detection of page invalidation, is now a configuration option for templated websites, with extension points also applied for the Delivery API. We have optimised content cache rebuild after schema updates, with an option for deferred rebuild in the background. If considering a project with significant expected concurrency for member login and registration, and you prefer to use an external service for member management, the new option for lightweight external members will be worth reviewing.
If working with AI tools such as Umbraco MCP, additions to management API endpoints that expose JSON schema for data types and allow for patch updates of specific properties, should improve accuracy and reliability.
As usual please find the full list of PRs that have contributed to Umbraco 17.4 as follows.
What's Changed
🙌 Notable Changes
💥 Breaking Changes
ApplicationUrlDetectionsetting to control application URL auto-detection by @AndyButland in Application URL: AddApplicationUrlDetectionsetting to control application URL auto-detection umbraco/Umbraco-CMS#22307📦 Dependencies
System.Security.Cryptography.Xmlto resolve vulnerability warning by @AndyButland in Dependencies: PinSystem.Security.Cryptography.Xmlto resolve vulnerability warning umbraco/Umbraco-CMS#22514🚤 Performance
FullDataSetRepositoryCachePolicyusage across all repositories by @AndyButland in Performance: OptimizeFullDataSetRepositoryCachePolicyusage across all repositories umbraco/Umbraco-CMS#22264ContentTypeRepositorydeep-clone on cache reads (closes #22250) by @AndyButland in Performance: OptimizeContentTypeRepositorydeep-clone on cache reads (closes #22250) umbraco/Umbraco-CMS#22263GeneratedRegexinstead of generating at runtime in string extensions by @Henr1k80 in Performance: UseGeneratedRegexinstead of generating at runtime in string extensions umbraco/Umbraco-CMS#22534_publishedContentCachehas a cached version inMediaCacheServiceby @Henr1k80 in Performance: Avoid allocating a string if_publishedContentCachehas a cached version inMediaCacheServiceumbraco/Umbraco-CMS#22535UdiParser(eliminate closure, fix naming & formatting of exceptions) by @Henr1k80 in Performance: Micro-optimisation inUdiParser(eliminate closure, fix naming & formatting of exceptions) umbraco/Umbraco-CMS#22506OptimizeInvariantUrlRecordstimeout on SQL Server (closes #22377) by @AndyButland in Migrations: Fix potentialOptimizeInvariantUrlRecordstimeout on SQL Server (closes #22377) umbraco/Umbraco-CMS#22382🌈 Accessibility Improvements
... (truncated)
17.3.5
What's Changed
🐛 Bug Fixes
Full Changelog: umbraco/Umbraco-CMS@release-17.3.4...release-17.3.5
Commits viewable in compare view.