Changelog History
Page 1
-
v3.7.2 Changes
October 19, 2020To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.7/bolt-3.7.2.tar.gz tar -xzf bolt-3.7.2.tar.gz --strip-components=1 php app/nut initBolt 3.7.2
๐ Released: 2020-10-20. Notable changes:
- ๐ Security: Restrict
filteroptions inRequestin Twig context - ๐ Security: Provide a stronger secret for
UrlSigner - ๐ Security: Allow only directories to be renamed with
renameFolder#7867 - ๐ Fixes slashes in directory names #7871
- ๐ fixed typo 'an' to 'and' in README #7875
- Check if we have a current user, prevent "Trying to access array offset" extension #7869
- ๐ Fix ContextErrorException in PHP 7.4 #7868
- โก๏ธ Update composer.json: Add
"public-dir": "public"#7866
๐ Special thanks go out to the following for responsibly disclosing a security issue to us:
- Charles Fol - https://www.ambionics.io/
- ERNW Research GmbH - https://ernw.de/
- ๐ Security: Restrict
-
v3.7.1 Changes
May 07, 2020To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.7/bolt-v3.7.1.tar.gz tar -xzf bolt-v3.7.1.tar.gz --strip-components=1 php app/nut init๐ For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
๐ Released: 2020-05-07. Notable changes:
- ๐ Security: Check CSRF on Preview page, and prevent renaming files to blacklisted filetypes #7853
- ๐ Change: Add hreflang to allowed_attributes #7855
- โก๏ธ Chore: Updating dependencies #7842
- ๐ Fixed: Fix tag cloud, update NPM deps #7856
- ๐ Fixed: Select field with multiple contenttypes and display values results in a
ContextErrorException#7849 - ๐ Fixed: Trying to access array offset on value of type
nullwith PHP 7.4 #7843
๐ Special thanks go out Sivanesh Ashok for responsibly disclosing the two fixed security issues to us.
-
v3.7.0 Changes
November 12, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.7/bolt-v3.7.0.tar.gz tar -xzf bolt-v3.7.0.tar.gz --strip-components=1 php app/nut init๐ For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
๐ Released: 2019-11-12. Notable changes:
- ๐ Change: Dropped support for PHP 5.5, 5.6 and 7.0. #7826
This means the minimum requirement for Bolt 3.7 is now PHP 7.1. Because of this,
0๏ธโฃ the default distributions will now include more recent versions of libraries,
๐ providing better support for more recent versions of PHP 7.1 and higher
out-of-the-box. This is most noticeable with Doctrine, our database library.If you're stuck on an older PHP version, you can keep using Bolt 3.6 for the
๐ foreseeable future. -
v3.6.11 Changes
November 10, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.6/bolt-v3.6.11.tar.gz tar -xzf bolt-v3.6.11.tar.gz --strip-components=1 php app/nut init๐ For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
๐ Released: 2019-11-10. Notable changes:
- ๐ Fixed: Fix tags in non-english languages and firefox caching selected options #7822
- ๐ Fixed: Fix typo in
AccessControlListener.php#7809 - ๐ Security: Fix CRSF issues in file operations #7823
- โก๏ธ Updated: Add
downloadtoallowed_attributesin HTML cleaner #7808 - โก๏ธ Updated: Added comment about required IP in
trustProxies#7807 - โก๏ธ Updated: Export improvements #7812
- โก๏ธ Updates: Update tests for Doctrine 2.10 compatibility #7824
Special thanks go out f4h4dbt for responsibly disclosing the CSRF issue to us.
-
v3.6.10 Changes
August 15, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.6/bolt-v3.6.9.tar.gz tar -xzf bolt-v3.6.9.tar.gz --strip-components=1 php app/nut init๐ For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
๐ Released: 2019-08-15. Notable changes:
- ๐ Security: Prevent XSS in system log (for authenticated users) #7802
- ๐ Security: Prevent XSS in image alt/title (for authenticated users) #7801
- ๐ Security: Prevent XSS in "Create file" in file manager (for authenticated users) #7800
- ๐ Fixes: Prevent update of
guzzlehttp/psr7to 1.6, fixes tests #7798 - ๐ Fixed: Fix taxonomy name collision #7799
- ๐ Fixed: Rebuilding assets, fixing tags cloud #7794
Special thanks go out to @marcingajda for his contributions, and to @KotatuBot
for responsibly disclosing the XSS issues to us. -
v3.6.9 Changes
June 24, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.6/bolt-v3.6.9.tar.gz tar -xzf bolt-v3.6.9.tar.gz --strip-components=1 php app/nut init๐ For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
๐ Released: 2019-06-24. Notable changes:
-
v3.6.8 Changes
May 23, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.6/bolt-v3.6.8.tar.gz tar -xzf bolt-v3.6.8.tar.gz --strip-components=1 php app/nut init๐ For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
๐ Released: 2019-05-23. Notable changes:
- ๐ Fixed: Make sure stripFields is set to array by default #7776
-
v3.6.7 Changes
April 11, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.6/bolt-v3.6.7.tar.gz tar -xzf bolt-v3.6.7.tar.gz --strip-components=1 php app/nut init๐ For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
๐ Released: 2019-04-11. Notable changes:
- โ Added: "Strip keys" option to excerpt of fields. #7759
- โ Added: Add information about how to set up custom CKeditor styles. #7769
- Change: Make sure
accept_file_typesis an INDEXED array, and disallow certain filetypes to be whitelisted. #7768 - ๐ Change: Make the bootstrap more robust. #7763
- ๐ Fixed: Compare filename extension lowercased #7772
- ๐ Fixed: Remove unsupported guzzlehttp version. #7762
๐ This release comes with special thanks to Felipe Gaspar (fgaspar) for
๐ responsibly reporting a potential security issue to us. -
v3.6.6 Changes
March 07, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.6/bolt-v3.6.6.tar.gz tar -xzf bolt-v3.6.6.tar.gz --strip-components=1 php app/nut init๐ For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
๐ Released: 2019-03-07. Notable changes:
- ๐ Change: Allow lower and upper case file extensions #7751
- ๐ Change: Log a warning instead of info when permissions are not configured #7749
- ๐ Fixed: Add extra workaround for HTML-like and Image fields in preview #7754
- โก๏ธ Updated: Update
config.yml.dist#7748 - โก๏ธ Updated: Update
messages.pl_PL.yml#7747
-
v3.6.5 Changes
February 26, 2019To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.6/bolt-v3.6.5.tar.gz tar -xzf bolt-v3.6.5.tar.gz --strip-components=1 php app/nut init๐ For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
๐ This release comes with special thanks to Andrea Santese (medu554) for responsibly
๐ reporting a security issue to us, and to @JarJak for providing a fix.๐ Released: 2019-02-26. Notable changes: