As part of our ongoing maintenance for Bolt 2.1, we've resolved some issues, quirks and bugs that have been discovered. This release has a small list of changes, but we've fixes two issues regarding Cookies and Timezone settings. If you bumped in to these quirks, updating to 2.1.7 will resolve them.
Update: Today we've been made aware of a security-related issue, regarding information disclosure. Thank you, JeromeBreizhtorm! We've fixed this issue, and bumped the version to 2.1.8. As always with security issues: updating to the latest version is strongly recommended, regardless of the perceived severity.
Changes in this release, since 2.1.6:
- Check if folder exists first, when using it for uploads (See #3450)
- Allow 'duplicate' and 'delete' from contextual menu, when a Record has relationships. Fixes #3431
- Don't trigger DBCheck for changed indexes. Fixes #3426
Application::unsetSessionCookie()optional and Backwards-compatibility friendly (see #3427)
- Make the removal / stripping of
characters in CKEditor fields optional. (see #3373)
- Fixed: Allow editing of empty files. (Thanks, @SahAssar, see #3391)
- Added: Always have a fallback for a timezone when it isn't set in either
- Only show the "delete" button if the page has been saved already. Fixes #3444
- Fixed: prevent error message in
strict_variablesis set. (See #3462)
- Security: Make sure we set the status correctly for 'async' requests. (See #3463)
To install this version from scratch, follow the instructions on the updated installation page in the documentation, as can be found here: Installing Bolt. To upgrade an existing site, see Updating. Be sure to get the correct versions, though: bolt-latest.tar.gz or bolt-latest.zip.
For the lazy:
curl -O http://bolt.cm/distribution/bolt-latest.tar.gz tar -xzf bolt-latest.tar.gz --strip-components=1 chmod -R 777 files/ app/database/ app/cache/ app/config/ theme/ extensions/