CivicTheme 1.12.0

CivicTheme 1.12.0 includes an important security update, new features and a number of accessibility improvements.

Security release

This release contains fixes for:

• CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112

• CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113

We recommend updating to CivicTheme 1.12.0. Sites on earlier versions should upgrade to version 1.12 to remediate the risk.

We recognise that sub-theme's of CivicTheme can also carry these XSS and information disclosure risks.

Visit have created manual mitigation instructions if you are unable to update to CivicTheme 1.12.0 right away and for how to assess risk within your sub-theme customisations.

Manual instructions can be found at Security update - 1.12.0.

What's new

Below is a selection of updates and fixes in release 1.12. For the full list of issues released, visit CivicTheme 1.12.0.

New features

• Multi-line header. The header can now be configured so the primary navigation uses the full width of the container, allowing the logo to display in the container above, also allowing more space for the logo. This is helpful for sites that require more than 4 primary navigation items, and/or have a wide or co-branded logo.

• Message organism. A new component with four styling options to highlight an important message anywhere within a page.

• Inline filter. Uplift to search results and so the keyword is displayed in search results message and in code for screen reading technology.

• Fast fact card. A new card that can be used to display simple facts about your organisation.

• Automation script added for GovCMS site setup.

Accessibility

• Improved video transcript functionality.

• Card design updates implemented.

• Updates to Link atom and content links.

• Improved search results messaging.

SDC continued improvement

• CSS versions of SCSS variables added.

• CSS variables for typography use added.

• Single Directory Component validation and error handling implemented.

Bug fixes & improvments

• Enhanced menu theming system.

• Site breaking when viewing nodes that reference archived webforms.

• Search form element issues resolved.

• Email addresses being incorrectly converted to links.

• Issues caused by logo paths with spaces.

• Striptags error on webform messages.

• PHP Twig bug where menu_level_modifier_class was not in scope.

• Attachment component not resetting file extension from previous items.

• Mobile menu visibility problems on non-drawer/dropdown links.