"An update already? This soon after the last update?", you might think. It's been only a week since the last release, but we've already released another minor update to Bolt. We've done this because of a few nice improvements, but mainly because of a small security issue that falls into the "better safe than sorry" category. As such, it is a recommended upgrade for all Bolt 2.x websites.

About that security issue

As you might know, the security of Bolt is our utmost priority. This week we discovered an information disclosure issue in Bolt, which allows an unauthenticated individual to discover the names of the tables that are created in the database for the contenttypes. While this is not exploitable in and of itself, it is still undesirable, and as such we wanted to get a fix out as soon as possible.

Other improvements and changes

  • Fixed: appending order=... to arbitrary Bolt URLs will no longer silently try to apply sorting to getContent.
  • Fixed: For extensions adding Twig functions in content: isSafe() works correctly now (#2492, thanks @jmschelcher)
  • Change: Use Twig’s resolveTemplate instead of file_exists in Frontend Controller. (#2494, thanks @lavoiesl)
  • Fixed: Remove horizontal scroll on login screen. (#2495, thanks @cdowdy)
  • Fixed: Ongoing cleanup of translation labels. (thanks @Chilion)
  • Fixed: "Clear Cache" now also clears all generated thumbs from thumbs/
  • Fixed: Nav links in admin dashboard, when accessed over HTTPS (#2499, thanks @glasspelican)
  • Fixed: Much better code-formatting in CKEditor (#2841, thanks @Pinpickle)
  • Added: You can now use multiple slugs in a single contenttype, should you want to. (#2490)
  • Fixed: EXIF orientation and general breakage of thumbnails on older versions of GD has been fixed.
  • Updated: Several used components were updated: Symfony components to 2.6.5, Silex to 1.2.3, Twig to 1.17, Parsedown to 1.5.0, Doctrine DBAL to 2.5.1
  • And a bunch of other, smaller issues. See the Changelog for details...

To upgrade an existing install, or to set up a new one, just follow the instructions for installation or for updating. When you do an upgrade, your modified settings will not be overwritten. You should still make a backup before doing an upgrade, though. Get the latest .tgz or .zip, or browse the folder with the distributions. After the upgrade you will be prompted to update the database, or you can just run php app/nut database:update from the command line.
