Maintenance release 4.1.13
This release includes two security-related fixes. Our thanks go out to Silvia Väli, Clarified Security and Romain Richard for identifying these issues and disclosing them to us responsibly!
You can update from previous Bolt 4 installs by running composer update.
🐛 Bug fixes
- Selects with
multiple: truealways have an array value (I-Valchev, #2385) - Make sure the magic
getuses the configureddate_format(I-Valchev, #2383) - Fix
|orderfilter by date (I-Valchev, #2382) - Keep cache timestamps for all
.envfiles (I-Valchev, #2378) - Fix date field with
required: true(I-Valchev, #2377) - Make multiselect fields iterable in Twig (I-Valchev, #2373)
- Fix slow tests (bobdenotter, #2370)
- Use TemplateSelect
filteroption with directories (I-Valchev, #2361) - Fix new checkbox value on existing records (I-Valchev, #2350)
- Fix
record|thumbnailgetting different image thanrecord|image(I-Valchev, #2347) - Fix
|svgfilter for images outside of set (I-Valchev, #2345)
🛠️ Miscellaneous
- [security] Don't allow Path Traversal (bobdenotter, #2371)
- Fix e-mail address in github issue template (bobdenotter, #2367)
- [security] Forbid certain theme files from public exposure (I-Valchev, #2348)