github getkirby/kirby 5.1.4
on GitHub

9 hours ago

🚨 Security

Cross-site scripting (XSS) in the changes dialog

Severity: medium (CVSS score 5.1)

This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames.

The attack requires user interaction by another Panel user and cannot be automated.

✨ Enhancements

  • Improve the wording and layout of the "Change Password" dialog #7621

🐛 Bug fixes

  • Fixed type hints of css() and js() helpers #7645
  • Pages field dialog lists unwanted pages after navigating back from subpages #7624
  • The large margin below the user profile in the user view is now gone and tabs are set directly below #7651
  • Don’t hide the required asterisk in the field label if the input prop is false. #7642

♻️ Refactored

  • Use the new UI Item classes to create the props for model's dropdown options. #7650

🧹 Housekeeping

  • Updated PHP and JS dependencies
Check out latest releases or
releases around getkirby/kirby 5.1.4

Don't miss a new kirby release

NewReleases is sending notifications on new releases.

Get notifications