Downloads
Release notes
The 3.6 release of Webform contains numerous bug fixes as well as the critical security fix included in the 3.5 version of Webform. If running a 3.x version of Webform prior to 3.5, it is absolutely critical that you update from your existing 3.x version. Versions prior to 3.5 are vulnerable to complete site comprise by anonymous users.
Security fixes:
SA-CONTRIB-2011-001 - Webform - SQL Injection
Bug fixes:
#1003228: PostgreSQL fix to db_placeholders()
#955024: pg_query() error after upgrade from Webform 6.x-2.10
#948212: Argument not array error in webform.module when using MIME Mail
#1016480: Convert array_fill() calls to db_placeholders() in webform_get_submissions()
#1015372: Remove the "Submit" button from the node/x/webform tab when there are no components yet
#1013452: Double Subject field when using theme_webform_mail_headers
#962022: %email_values token includes components that are not checked if sending more than one e-mail
#973566: Exporting Grid component data does not include blank responses
#966004: MS Excel Download with 'Separate' Select List Format Only Returns Keys
#976240: filename not loaded in form when returning to form saved as draft
#1009308: The textfield component type doesn't set the suffix properly when there is no filter
New features:
#868486: Easier mechanism to open/close forms
#842716: Allow Uppercase Characters in Field Key Field