Bolt 3.7.1 ---------- Released: 2020-05-07. Notable changes: - Security: Check CSRF on Preview page, and prevent renaming files to blacklisted filetypes [#7853](https://github.com/bolt/bolt/pull/#7853) - Change: Add hreflang to allowed_attributes [#7855](https://github.com/bolt/bolt/pull/#7855) - Chore: Updating dependencies [#7842](https://github.com/bolt/bolt/pull/#7842) - Fixed: Fix tag cloud, update NPM deps [#7856](https://github.com/bolt/bolt/pull/#7856) - Fixed: Select field with multiple contenttypes and display values results in a `ContextErrorException` [#7849](https://github.com/bolt/bolt/pull/#7849) - Fixed: Trying to access array offset on value of type `null` with PHP 7.4 [#7843](https://github.com/bolt/bolt/pull/#7843) Special thanks go out [Sivanesh Ashok](https://stazot.com/) for responsibly disclosing the two fixed security issues to us. Bolt 3.7.0 ----------- Released: 2019-11-12. Notable changes: - Change: Dropped support for PHP 5.5, 5.6 and 7.0. [#7826](https://github.com/bolt/bolt/pull/7826) This means the minimum requirement for Bolt 3.7 is now PHP 7.1. Because of this, the default distributions will now include more recent versions of libraries, providing better support for more recent versions of PHP 7.1 and higher out-of-the-box. This is most noticeable with Doctrine, our database library. If you're stuck on an older PHP version, you can keep using Bolt 3.6 for the foreseeable future. Bolt 3.6.11 ----------- Released: 2019-11-10. Notable changes: - Fixed: Fix tags in non-english languages and firefox caching selected options [#7822](https://github.com/bolt/bolt/pull/7822) - Fixed: Fix typo in `AccessControlListener.php` [#7809](https://github.com/bolt/bolt/pull/7809) - Security: Fix CRSF issues in file operations [#7823](https://github.com/bolt/bolt/pull/7823) - Updated: Add `download` to `allowed_attributes` in HTML cleaner [#7808](https://github.com/bolt/bolt/pull/7808) - Updated: Added comment about required IP in `trustProxies` [#7807](https://github.com/bolt/bolt/pull/7807) - Updated: Export improvements [#7812](https://github.com/bolt/bolt/pull/7812) - Updates: Update tests for Doctrine 2.10 compatibility [#7824](https://github.com/bolt/bolt/pull/7824) Special thanks go out f4h4dbt for responsibly disclosing the CSRF issue to us. Bolt 3.6.10 ---------- Released: 2019-08-15. Notable changes: Security: Prevent XSS in system log (for authenticated users) #7802 Security: Prevent XSS in image alt/title (for authenticated users) #7801 Security: Prevent XSS in "Create file" in file manager (for authenticated users) #7800 Fixes: Prevent update of guzzlehttp/psr7 to 1.6, fixes tests #7798 Fixed: Fix taxonomy name collision #7799 Fixed: Rebuilding assets, fixing tags cloud #7794 Bolt 3.6.9 ---------- Released: 2019-06-24. Notable changes: - Added: Add abbreviations to CKeditor, using ``-tag. [#7783](https://github.com/bolt/bolt/pull/7783) - Fixed: Use isIterable over Traversable [#7778](https://github.com/bolt/bolt/pull/7778) - Updated: Select2 updated to 4.0.7, since it _finally_ works on IE 11 again. [#7783](https://github.com/bolt/bolt/pull/7783) ssss