Changelog History
Page 1
-
v3.7.2 Changes
October 19, 2020To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.7/bolt-3.7.2.tar.gz tar -xzf bolt-3.7.2.tar.gz --strip-components=1 php app/nut init
Bolt 3.7.2
🚀 Released: 2020-10-20. Notable changes:
- 🔒 Security: Restrict
filter
options inRequest
in Twig context - 🔒 Security: Provide a stronger secret for
UrlSigner
- 🔒 Security: Allow only directories to be renamed with
renameFolder
#7867 - 🛠 Fixes slashes in directory names #7871
- 🛠 fixed typo 'an' to 'and' in README #7875
- Check if we have a current user, prevent "Trying to access array offset" extension #7869
- 🛠 Fix ContextErrorException in PHP 7.4 #7868
- ⚡️ Update composer.json: Add
"public-dir": "public"
#7866
🔒 Special thanks go out to the following for responsibly disclosing a security issue to us:
- Charles Fol - https://www.ambionics.io/
- ERNW Research GmbH - https://ernw.de/
- 🔒 Security: Restrict
-
v3.7.1 Changes
May 07, 2020To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.7/bolt-v3.7.1.tar.gz tar -xzf bolt-v3.7.1.tar.gz --strip-components=1 php app/nut init
📚 For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
🚀 Released: 2020-05-07. Notable changes:
- 🔒 Security: Check CSRF on Preview page, and prevent renaming files to blacklisted filetypes #7853
- 🔄 Change: Add hreflang to allowed_attributes #7855
- ⚡️ Chore: Updating dependencies #7842
- 🛠 Fixed: Fix tag cloud, update NPM deps #7856
- 🛠 Fixed: Select field with multiple contenttypes and display values results in a
ContextErrorException
#7849 - 🛠 Fixed: Trying to access array offset on value of type
null
with PHP 7.4 #7843
🔒 Special thanks go out Sivanesh Ashok for responsibly disclosing the two fixed security issues to us.
-
v3.7.0 Changes
November 12, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.7/bolt-v3.7.0.tar.gz tar -xzf bolt-v3.7.0.tar.gz --strip-components=1 php app/nut init
📚 For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
🚀 Released: 2019-11-12. Notable changes:
- 🔄 Change: Dropped support for PHP 5.5, 5.6 and 7.0. #7826
This means the minimum requirement for Bolt 3.7 is now PHP 7.1. Because of this,
0️⃣ the default distributions will now include more recent versions of libraries,
👍 providing better support for more recent versions of PHP 7.1 and higher
out-of-the-box. This is most noticeable with Doctrine, our database library.If you're stuck on an older PHP version, you can keep using Bolt 3.6 for the
👀 foreseeable future. -
v3.6.11 Changes
November 10, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.6/bolt-v3.6.11.tar.gz tar -xzf bolt-v3.6.11.tar.gz --strip-components=1 php app/nut init
📚 For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
🚀 Released: 2019-11-10. Notable changes:
- 🛠 Fixed: Fix tags in non-english languages and firefox caching selected options #7822
- 🛠 Fixed: Fix typo in
AccessControlListener.php
#7809 - 🔒 Security: Fix CRSF issues in file operations #7823
- ⚡️ Updated: Add
download
toallowed_attributes
in HTML cleaner #7808 - ⚡️ Updated: Added comment about required IP in
trustProxies
#7807 - ⚡️ Updated: Export improvements #7812
- ⚡️ Updates: Update tests for Doctrine 2.10 compatibility #7824
Special thanks go out f4h4dbt for responsibly disclosing the CSRF issue to us.
-
v3.6.10 Changes
August 15, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.6/bolt-v3.6.9.tar.gz tar -xzf bolt-v3.6.9.tar.gz --strip-components=1 php app/nut init
📚 For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
🚀 Released: 2019-08-15. Notable changes:
- 🔒 Security: Prevent XSS in system log (for authenticated users) #7802
- 🔒 Security: Prevent XSS in image alt/title (for authenticated users) #7801
- 🔒 Security: Prevent XSS in "Create file" in file manager (for authenticated users) #7800
- 🛠 Fixes: Prevent update of
guzzlehttp/psr7
to 1.6, fixes tests #7798 - 🛠 Fixed: Fix taxonomy name collision #7799
- 🛠 Fixed: Rebuilding assets, fixing tags cloud #7794
Special thanks go out to @marcingajda for his contributions, and to @KotatuBot
for responsibly disclosing the XSS issues to us. -
v3.6.9 Changes
June 24, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.6/bolt-v3.6.9.tar.gz tar -xzf bolt-v3.6.9.tar.gz --strip-components=1 php app/nut init
📚 For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
🚀 Released: 2019-06-24. Notable changes:
-
v3.6.8 Changes
May 23, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.6/bolt-v3.6.8.tar.gz tar -xzf bolt-v3.6.8.tar.gz --strip-components=1 php app/nut init
📚 For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
🚀 Released: 2019-05-23. Notable changes:
- 🛠 Fixed: Make sure stripFields is set to array by default #7776
-
v3.6.7 Changes
April 11, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.6/bolt-v3.6.7.tar.gz tar -xzf bolt-v3.6.7.tar.gz --strip-components=1 php app/nut init
📚 For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
🚀 Released: 2019-04-11. Notable changes:
- ➕ Added: "Strip keys" option to excerpt of fields. #7759
- ➕ Added: Add information about how to set up custom CKeditor styles. #7769
- Change: Make sure
accept_file_types
is an INDEXED array, and disallow certain filetypes to be whitelisted. #7768 - 🔄 Change: Make the bootstrap more robust. #7763
- 🛠 Fixed: Compare filename extension lowercased #7772
- 🛠 Fixed: Remove unsupported guzzlehttp version. #7762
🚀 This release comes with special thanks to Felipe Gaspar (fgaspar) for
🔒 responsibly reporting a potential security issue to us. -
v3.6.6 Changes
March 07, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.6/bolt-v3.6.6.tar.gz tar -xzf bolt-v3.6.6.tar.gz --strip-components=1 php app/nut init
📚 For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
🚀 Released: 2019-03-07. Notable changes:
- 🔄 Change: Allow lower and upper case file extensions #7751
- 🔄 Change: Log a warning instead of info when permissions are not configured #7749
- 🛠 Fixed: Add extra workaround for HTML-like and Image fields in preview #7754
- ⚡️ Updated: Update
config.yml.dist
#7748 - ⚡️ Updated: Update
messages.pl_PL.yml
#7747
-
v3.6.5 Changes
February 26, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.6/bolt-v3.6.5.tar.gz tar -xzf bolt-v3.6.5.tar.gz --strip-components=1 php app/nut init
📚 For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
🚀 This release comes with special thanks to Andrea Santese (medu554) for responsibly
🔒 reporting a security issue to us, and to @JarJak for providing a fix.🚀 Released: 2019-02-26. Notable changes: