Skip to content

Maintenance release 4.1.13

Compare
Choose a tag to compare
@bobdenotter bobdenotter released this 14 Feb 11:33
· 195 commits to 4.1 since this release

This release includes two security-related fixes. Our thanks go out to Silvia Väli, Clarified Security and Romain Richard for identifying these issues and disclosing them to us responsibly! 👏🙏

You can update from previous Bolt 4 installs by running composer update.

🐛 Bug fixes

  • Selects with multiple: true always have an array value (I-Valchev, #2385)
  • Make sure the magic get uses the configured date_format (I-Valchev, #2383)
  • Fix |order filter by date (I-Valchev, #2382)
  • Keep cache timestamps for all .env files (I-Valchev, #2378)
  • Fix date field with required: true (I-Valchev, #2377)
  • Make multiselect fields iterable in Twig (I-Valchev, #2373)
  • Fix slow tests (bobdenotter, #2370)
  • Use TemplateSelect filter option with directories (I-Valchev, #2361)
  • Fix new checkbox value on existing records (I-Valchev, #2350)
  • Fix record|thumbnail getting different image than record|image (I-Valchev, #2347)
  • Fix |svg filter for images outside of set (I-Valchev, #2345)

🛠️ Miscellaneous

  • [security] Don't allow Path Traversal (bobdenotter, #2371)
  • Fix e-mail address in github issue template (bobdenotter, #2367)
  • [security] Forbid certain theme files from public exposure (I-Valchev, #2348)

⚙️ Code Quality / Developer Experience

  • Remove incorrect PHPDoc @var tag in RelationRepository (I-Valchev, #2374)
  • Remove (abandoned) sensiolabs/security-checker (bobdenotter, #2356)