We’ve released Bolt 1.5.0 as a feature release to Bolt 1.4.0. We're hard at work on Bolt 2.0, but in the six weeks since the last update, a lot of minor improvements were made by us and our contributors. Quite a few of the changes in this version are nice, little improvements, and we wanted to get them out sooner rather than later. This release also has a few improvements that will make the transition to Bolt 2.0 even smoother, which will be out in a month or two.
Highlights of this release:
- New Authenticate extension: Allow website visitors to connect using various OAuth providers like Google, Facebook, Twitter and Github. Easy to use in your own extensions / templates. For a working example, check out our Snippets website, which is almost finished: http://snippets.bolt.cm
- Bolt is now more consistent when it comes to trailing slashes in URLs. Bolt will generate URLs like
/page/about, but it will accept both with or without trailing slash. Thanks@jcracknell
- The plural and singular of a contenttype can now be the same. For example, you can now use 'news' for the contenttype, and 'news/lorum-ipsum' for a single record.
- You can now use taxonomies in your routing. For example
/books/the-hobbit, based on the categories of the contenttype.
- Fixed an issue with 'default_status', where it wouldn't pick up an override from contenttypes.yml
- The backend is better at keeping its position when using "save & return to overview". You'll get returned to the dashboard, or the correct overview page, keeping the current position or filtering.
- Added the functionality for extensions to dynamically add their own tables to the database, and keep them updated between versions. Just like the tables in Bolt itself.
- Added a new WaffleOrders extension. Mainly interesting for those of you who are interested in writing extensions, because it's a good example of how to create your own tables and database-handling in an extension.
- Several minor security-related issues were fixed:
- Implemented CSRF for contentedit
- Use POST for user actions, with a CSRF token
- Regenerate session ID when logging in / out
- Some extra sanitising for filenames of uploaded files. Ref #902
- Themes can now have their own config files. Fixes [#854](https://github.com/bolt/bolt/issues/854 "Themes should be able to use an "option file".")
- Be slightly more lenient on 'empty passwords': Allow empty password for 'users', but not for 'root'. Resolves #863.
- Display a notice, if a content type uses a non-existing field-type. Fixes #869.
- The collapsed version of the debug toolbar now properly shows a Bolt nut. Fixes #833
- Added the option for Bolt to directly render static pages. Thanks, @jcracknell
- Several fixes to the stability of Swiftmailer and Simpleforms. Thanks, @terwey!
- Symfony updated to version 2.4.2
- Added an extra check for DB-connectivity. If not, display a friendlier message. Also, don't disclose the DB-username.
- Removed the default Robots.txt. #882
- Added support for 'named' forms, fixed empty not required file uploads. Prevents issues when having more than one Simpleform on a single page.
- Some modifications/fixes for composer installation. (mostly thanks to @rixbeck)
- Updated several translations, like Dutch and Hungarian.
- Compatibility fix for Apache 2.4 in .htaccess. Hopefully fixes #926.
- Added option to disable Silex' built-in native filebased session handler.
- Fix for adding "date" and "datetime" fields in SQLite. Added "notnull => false" to date and date time fields. Fixes #911
- The "order()"-filter now accepts two parameters, for more fine-grained ordering. Fixes #912.
- Allow 'format' option in relationships, to tweak the output of each line in the select menu. Fixes #913.
- Added 'twig'-filter to parse snippets of twig, straight from twig! Twigception!
- Made the filetypes that are allowed to be uploaded configurable in config.yml. Added an extra check for uploads in the backend as well.
- Bolt now doesn't throw an error when you've cleared contenttypes.yml
- When re-doing the initial setup, bolt no longer throws an error when the database is suddenly missing. Fixes #891.
- Tweaked the header bar. Less grungy patterns.
- And a whole bunch of other smaller tweaks and fixes.
To upgrade an existing install, or to setup a new one, just follow the instructions for installation or for updating. When you do an upgrade, you will not overwrite your modified settings with the upgrade. You should still make a backup before doing an upgrade, though. Get the latest .tgz or .zip, or browse the folder with the distributions.
Updating should be just as simple as always, but behind the screens some extra things are done, because the Roles need to be initialized for existing users. If you're updating from any version older than 1.4.0, you will be promoted to ‘root’ the first time you log on. If you have multiple users, you should check and verify that your users are still able to do what they should be able to do.