Bolt v3.7.2 Release Notes

Release Date: 2020-10-19 // about 1 year ago
  • To do a 15-second install, use the following:

    curl -O https://bolt.cm/distribution/archive/3.7/bolt-3.7.2.tar.gz tar -xzf bolt-3.7.2.tar.gz --strip-components=1 php app/nut init
    

    Bolt 3.7.2

    ๐Ÿš€ Released: 2020-10-20. Notable changes:

    • ๐Ÿ”’ Security: Restrict filter options in Request in Twig context
    • ๐Ÿ”’ Security: Provide a stronger secret for UrlSigner
    • ๐Ÿ”’ Security: Allow only directories to be renamed with renameFolder #7867
    • ๐Ÿ›  Fixes slashes in directory names #7871
    • ๐Ÿ›  fixed typo 'an' to 'and' in README #7875
    • Check if we have a current user, prevent "Trying to access array offset" extension #7869
    • ๐Ÿ›  Fix ContextErrorException in PHP 7.4 #7868
    • โšก๏ธ Update composer.json: Add "public-dir": "public" #7866

    ๐Ÿ”’ Special thanks go out to the following for responsibly disclosing a security issue to us:


Previous changes from v3.7.1

  • To do a 15-second install, use the following:

    curl -O https://bolt.cm/distribution/archive/3.7/bolt-v3.7.1.tar.gz
    tar -xzf bolt-v3.7.1.tar.gz --strip-components=1
    php app/nut init
    

    ๐Ÿ“š For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation

    ๐Ÿš€ Released: 2020-05-07. Notable changes:

    • ๐Ÿ”’ Security: Check CSRF on Preview page, and prevent renaming files to blacklisted filetypes #7853
    • ๐Ÿ”„ Change: Add hreflang to allowed_attributes #7855
    • โšก๏ธ Chore: Updating dependencies #7842
    • ๐Ÿ›  Fixed: Fix tag cloud, update NPM deps #7856
    • ๐Ÿ›  Fixed: Select field with multiple contenttypes and display values results in a ContextErrorException #7849
    • ๐Ÿ›  Fixed: Trying to access array offset on value of type null with PHP 7.4 #7843

    ๐Ÿ”’ Special thanks go out Sivanesh Ashok for responsibly disclosing the two fixed security issues to us.