Skip to content

Bump @umbraco-cms/backoffice from 17.0.0 to 17.4.2 in /Umbraco.Community.UmbNav#175

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/Umbraco.Community.UmbNav/develop/umbraco-cms/backoffice-17.4.2
Open

Bump @umbraco-cms/backoffice from 17.0.0 to 17.4.2 in /Umbraco.Community.UmbNav#175
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/Umbraco.Community.UmbNav/develop/umbraco-cms/backoffice-17.4.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 25, 2026

Copy link
Copy Markdown
Contributor

Bumps @umbraco-cms/backoffice from 17.0.0 to 17.4.2.

Release notes

Sourced from @​umbraco-cms/backoffice's releases.

17.4.2

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.4.1...release-17.4.2

17.4.1

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.4.0...release-17.4.1

17.4.0

Upgrade Notes

Be aware of a change to behaviour for detecting the Umbraco application URL. Previously, ApplicationMainUrl was automatically set from the Host header of incoming HTTP requests. In environments where Umbraco is not behind a reverse proxy that validates the Host header, this could allow a forged Host header to overwrite the URL used in password reset links, user invitations, and other email notifications. While this is normally mitigated by proper hosting configuration and setting UmbracoApplicationUrl explicitly, we felt that the auto-detection behaviour should be hardened up and become an opt-in rather than the default. You can read more about this under "Breaking Changes" below, the linked PR and the documentation.

There are a few updates related to performance in this release that are worth investigating for larger sites. Using output cache in your projects, with intelligent and customisable detection of page invalidation, is now a configuration option for templated websites, with extension points also applied for the Delivery API. We have optimised content cache rebuild after schema updates, with an option for deferred rebuild in the background. If considering a project with significant expected concurrency for member login and registration, and you prefer to use an external service for member management, the new option for lightweight external members will be worth reviewing.

If working with AI tools such as Umbraco MCP, additions to management API endpoints that expose JSON schema for data types and allow for patch updates of specific properties, should improve accuracy and reliability.

As usual please find the full list of PRs that have contributed to Umbraco 17.4 as follows.

What's Changed Since 17.4.0-rc3

Full Changelog: umbraco/Umbraco-CMS@release-17.4.0-rc3...release-17.4.0

What's Changed Since 17.4.0-r2

📦 Dependencies

🔒 Security

🐛 Bug Fixes

... (truncated)

Commits
  • b87d519 Cache: Only write to url table on a single server in load balanced environmen...
  • f255fd7 Bump version to 17.4.2.
  • 7527de7 Migrations: Add auto upgrade coordination for load-balanced setups (#22815)
  • df12a3e Cache: Add scope-level cache version tier to reduce DB hits in bulk operation...
  • ba29b91 Slider: fix duplicated property editor settings properties (#22898)
  • 336bffe Output Caching: Correctly gate auto-registration of UseOutputCache() middle...
  • 426e516 Content Workspace: Load Data-Types based on Loaded Content Types (#22886)
  • c718a3c Bump version to 17.4.1.
  • 3aa87fe Bump version to 17.4.0.
  • 6c58730 Auth: Un-deprecate getLatestToken and route per-request fetches through it (#...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump @umbraco-cms/backoffice in /Umbraco.Community.UmbNav
612f81a 
Bumps [@umbraco-cms/backoffice](https://github.com/umbraco/Umbraco-CMS) from 17.0.0 to 17.4.2.
- [Release notes](https://github.com/umbraco/Umbraco-CMS/releases)
- [Commits](umbraco/Umbraco-CMS@release-17.0.0...release-17.4.2)

---
updated-dependencies:
- dependency-name: "@umbraco-cms/backoffice"
  dependency-version: 17.4.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file npm npm package updates labels May 25, 2026
@dependabot dependabot Bot mentioned this pull request May 25, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file npm npm package updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants