Merge pull request #3303 from bolt/release/5.1.13

Prepare release Bolt 5.1.13
bolt · Aug 26, 2022 · 0539de1 · 0539de1
2 parents 74595a9 + b5e1285
commit 0539de1
Show file tree

Hide file tree

Showing 6 changed files with 1,482 additions and 1,170 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,13 +1,35 @@
 Changelog
 =========
 
+## 5.1.13
+
+Released: 2022-08-26
+
+This release includes three security-related fixes. Our thanks go out to Eitan 
+Shav at [WhiteSource](https://whitesourcesoftware.com) and David Müller of 
+[lutrasecurity.com](https://lutrasecurity.com/) for identifying these issues and
+disclosing them to us responsibly! 👏🙏
+
+### 🐛 Bug fixes
+
+- Fix setcontent with `where { }` clause filtering on a foreign `id` in MySQL (bobdenotter, [#3302](https://github.com/bolt/core/pull/3302))
+- Proper default for `$filter` (bobdenotter, [#3296](https://github.com/bolt/core/pull/3296))
+- Fix icons in ContentTypes in Menu (bobdenotter, [#3287](https://github.com/bolt/core/pull/3287))
+
+### 🔐 Security related changes
+
+- Prevent renaming or moving of files on edit (bobdenotter, [#3295](https://github.com/bolt/core/pull/3295))
+- Ensure uploaded SVG files have no embedded Javascript (bobdenotter, [#3294](https://github.com/bolt/core/pull/3294))
+- Prevent injection when filtering records (bobdenotter, [#3293](https://github.com/bolt/core/pull/3293))
+
+
 ## 5.1.12
 
 Released: 2022-07-11
 
 ### 🐛 Bug fixes
 
-- Tiny fix for the |image-filter [#3276](https://github.com/bolt/core/pull/3276)
+- Tiny fix for the `|image`-filter [#3276](https://github.com/bolt/core/pull/3276)
 
 
 ## 5.1.11

diff --git a/assets/js/version.js b/assets/js/version.js
@@ -1,2 +1,2 @@
 // generated by genversion
-export const version = '5.1.11';
+export const version = '5.1.13';