Releases: bolt/core
Releases · bolt/core
Release list
6.1.5
Note: this release includes a security-related fix!
- Prevent SSRF due to unchecked followed redirects (@Vondry)
Full Changelog: 6.1.4...6.1.5
6.1.4
Note: this release includes several security-related fixes!
- Fix SQL injection in ListFormatHelper (@Vondry)
- Prevent SSRF in upload-from-URL and embed endpoint (@Vondry)
- Filter unpublished/viewless content from the public Relation API (@Vondry)
- Block open redirect on login endpoint (@0xmgaye, fix by @bobvandevijver)
What's Changed
- Bump dependencies by @bobvandevijver in #3730
- Bump http-proxy-middleware from 2.0.9 to 2.0.10 by @dependabot[bot] in #3740
- Bump undici from 6.26.0 to 6.27.0 by @dependabot[bot] in #3737
- Bump launch-editor from 2.14.0 to 2.14.1 by @dependabot[bot] in #3731
- Bump locutus from 2.0.39 to 3.0.25 by @dependabot[bot] in #3744
Full Changelog: 6.1.3...6.1.4
6.1.3
What's Changed
- Prevent user to create/delete folder/files anywhere by @kouz75 in #3717
- Security related fixes by @bobvandevijver in #3723
Full Changelog: 6.1.2...6.1.3
6.1.2
What's Changed
- Upgrade actions to Node24 versions by @bobvandevijver in #3706
- Remove @vue/cli-service by @bobvandevijver in #3707
- Fix MySQL CAST AS TEXT regression by @kouz75 in #3710
- Mysql - Fix field trait item types by @kouz75 in #3713
Full Changelog: 6.1.1...6.1.2
6.1.1
What's Changed
- Bump basic-ftp from 5.2.1 to 5.2.2 by @dependabot[bot] in #3703
- Bump follow-redirects from 1.15.11 to 1.16.0 by @dependabot[bot] in #3705
- Disable save button during form submission by @kouz75 in #3704
New Contributors
Full Changelog: 6.1.0...6.1.1
6.1.0
What's Changed
- Upgrade erusev parsedown packages by @bobvandevijver in #3702
Full Changelog: 6.0.3...6.1.0
6.0.3
What's Changed
- Bump axios from 1.13.5 to 1.15.0 by @dependabot[bot] in #3701
Full Changelog: 6.0.2...6.0.3
6.0.2
What's Changed
- Bump lodash from 4.17.21 to 4.17.23 by @dependabot[bot] in #3666
- Bump locutus from 2.0.16 to 2.0.39 by @dependabot[bot] in #3667
- Bump jsonpath from 1.1.1 to 1.2.0 by @dependabot[bot] in #3669
- Bump axios from 1.12.0 to 1.13.5 by @dependabot[bot] in #3671
- Bump jsonpath from 1.2.0 to 1.2.1 by @dependabot[bot] in #3672
- Bump qs from 6.5.3 to 6.5.4 by @dependabot[bot] in #3674
- Bump systeminformation from 5.28.8 to 5.31.1 by @dependabot[bot] in #3675
- Bump webpack from 5.89.0 to 5.105.0 by @dependabot[bot] in #3670
- Bump qs from 6.5.4 to 6.5.5 by @dependabot[bot] in #3676
- Bump ajv from 6.12.6 to 6.14.0 by @dependabot[bot] in #3677
- Bump bn.js from 4.12.0 to 4.12.3 by @dependabot[bot] in #3678
- Bump rollup from 2.79.1 to 2.80.0 by @dependabot[bot] in #3680
- Bump basic-ftp from 5.0.5 to 5.2.0 by @dependabot[bot] in #3679
- Bump minimatch by @dependabot[bot] in #3681
- Bump immutable from 4.3.4 to 4.3.8 by @dependabot[bot] in #3683
- Bump undici from 6.22.0 to 6.24.0 by @dependabot[bot] in #3687
- Bump jsonpath from 1.2.1 to 1.3.0 by @dependabot[bot] in #3689
- Bump yaml from 1.10.2 to 1.10.3 by @dependabot[bot] in #3690
- Bump picomatch from 2.3.1 to 2.3.2 by @dependabot[bot] in #3691
- Bump path-to-regexp and express by @dependabot[bot] in #3694
- Bump brace-expansion from 1.1.12 to 1.1.13 by @dependabot[bot] in #3695
- Bump basic-ftp from 5.2.0 to 5.2.1 by @dependabot[bot] in #3698
- Fix: null author locale when saving new content by @MrWeb in #3697
- Do not allow erusev/parsedown to fix failing cypress tests by @bobvandevijver in #3700
New Contributors
Full Changelog: 6.0.1...6.0.2