We've released Bolt 3.2.5 as a maintenance and security release. Swiftmailer, one of the libraries Bolt uses, released a security update today, in which a serious vulnerability was fixed. For more information about this, see:

Although we are not aware of a way to exploit this vulnerability in existing Bolt installations, it is our policy to pass on security patches immediately. We strongly recommend all Bolt users to upgrade their installations.

Notable changes:

  • Security: Update Swiftmailer to ^5.4.5 per CVE-2016-10074. #6204
  • Added: Added "Save" button in Live editor. #6178 #6182
  • Fixed: Frontend no longer starting a session, when it shouldn't. #6196, #35
  • Fixed: Don't persist unset fields on update. #6199
  • Fixed: Fix regex in yamlupdater. #6197
  • Fixed: Slug generation with multiple fields respect ordering now. #6191

Installation & Upgrade

To install this version from scratch, follow the instructions on the updated installation page in the documentation, as can be found here: Installing Bolt.

To upgrade an existing site, see Updating. Be sure to get the correct versions, though: bolt-latest.tar.gz or bolt-latest.zip.

If you need the version with all files inside the web root, grab bolt-latest-flat-structure.tar.gz or bolt-latest-flat-structure.zip.

To do a 15-second install, use the following:

curl -O https://bolt.cm/distribution/bolt-latest.tar.gz
tar -xzf bolt-latest.tar.gz --strip-components=1
php app/nut init


After this, you might need to set the correct permissions for the cache and image folders. Check our documentation on File system permissions. If you have any questions or remarks, post a comment below, or join us on Slack or IRC.

comments powered by Disqus