Bolt v3.7.2 Release Notes
Release Date: 2020-10-19 // about 4 years ago-
To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.7/bolt-3.7.2.tar.gz tar -xzf bolt-3.7.2.tar.gz --strip-components=1 php app/nut init
Bolt 3.7.2
๐ Released: 2020-10-20. Notable changes:
- ๐ Security: Restrict
filter
options inRequest
in Twig context - ๐ Security: Provide a stronger secret for
UrlSigner
- ๐ Security: Allow only directories to be renamed with
renameFolder
#7867 - ๐ Fixes slashes in directory names #7871
- ๐ fixed typo 'an' to 'and' in README #7875
- Check if we have a current user, prevent "Trying to access array offset" extension #7869
- ๐ Fix ContextErrorException in PHP 7.4 #7868
- โก๏ธ Update composer.json: Add
"public-dir": "public"
#7866
๐ Special thanks go out to the following for responsibly disclosing a security issue to us:
- Charles Fol - https://www.ambionics.io/
- ERNW Research GmbH - https://ernw.de/
- ๐ Security: Restrict
Previous changes from v3.7.1
-
To do a 15-second install, use the following:
curl -O https://bolt.cm/distribution/archive/3.7/bolt-v3.7.1.tar.gz tar -xzf bolt-v3.7.1.tar.gz --strip-components=1 php app/nut init
๐ For detailed installation instructions and other ways to install, see the documentation: https://docs.bolt.cm/3.6/installation/installation
๐ Released: 2020-05-07. Notable changes:
- ๐ Security: Check CSRF on Preview page, and prevent renaming files to blacklisted filetypes #7853
- ๐ Change: Add hreflang to allowed_attributes #7855
- โก๏ธ Chore: Updating dependencies #7842
- ๐ Fixed: Fix tag cloud, update NPM deps #7856
- ๐ Fixed: Select field with multiple contenttypes and display values results in a
ContextErrorException
#7849 - ๐ Fixed: Trying to access array offset on value of type
null
with PHP 7.4 #7843
๐ Special thanks go out Sivanesh Ashok for responsibly disclosing the two fixed security issues to us.