As part of our ongoing maintenance for Bolt 2.1, we've resolved some issues, quirks and bugs that have been discovered. This release has a small list of changes, but we've fixes two issues regarding Cookies and Timezone settings. If you bumped in to these quirks, updating to 2.1.7 will resolve them.
Update: Today we've been made aware of a security-related issue, regarding information disclosure. Thank you, JeromeBreizhtorm! We've fixed this issue, and bumped the version to 2.1.8. As always with security issues: updating to the latest version is strongly recommended, regardless of the perceived severity.
Changes in this release, since 2.1.6:
- Check if folder exists first, when using it for uploads (See #3450)
- Allow 'duplicate' and 'delete' from contextual menu, when a Record has relationships. Fixes #3431
- Don't trigger DBCheck for changed indexes. Fixes #3426
- Make
Application::unsetSessionCookie()
optional and Backwards-compatibility friendly (see #3427) - Make the removal / stripping of
characters in CKEditor fields optional. (see #3373) - Fixed: Allow editing of empty files. (Thanks, @SahAssar, see #3391)
- Added: Always have a fallback for a timezone when it isn't set in either
php.ini
orconfig.yml
(See #3394) - Only show the "delete" button if the page has been saved already. Fixes #3444
- Fixed: prevent error message in
_sub_menu.twig
ifstrict_variables
is set. (See #3462) - Security: Make sure we set the status correctly for 'async' requests. (See #3463)
To install this version from scratch, follow the instructions on the updated installation page in the documentation, as can be found here: Installing Bolt. To upgrade an existing site, see Updating. Be sure to get the correct versions, though: bolt-latest.tar.gz or bolt-latest.zip.
For the lazy:
curl -O http://bolt.cm/distribution/bolt-latest.tar.gz
tar -xzf bolt-latest.tar.gz --strip-components=1
chmod -R 777 files/ app/database/ app/cache/ app/config/ theme/ extensions/