Bludit

v3.22.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 23d Productivity & Wikis

✓ No known CVEs patched

This release patches 1 known CVE

Topics

blog blog-engine bludit cms docker dom-manipulation

+12 more

engine flat-file flexible json json-manipulation php php-support plugins theme web-site webserver website

ReleasePort's take

Light signal

editorial:auto 13d

Version 3.22.0 now invalidates sessions when a user is disabled.

Why it matters: Security: immediately enforce session revocation for any newly‑disabled users to prevent unauthorized access.

AI summary

Sessions are now invalidated when a user is disabled.

Type	Severity	Summary	CVE
Security	Medium	Invalidate sessions for disabled users Invalidate sessions for disabled users Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	API improvements to support MCP protocol API improvements to support MCP protocol Source: llm_adapter@2026-05-21 Confidence: high	—

Full changelog

Feat: API improvements to support MCP protocol by @dignajar in https://github.com/bludit/bludit/pull/1707
Fix: Invalidate sessions for disabled users (GHSA-q42h-wpg8-5wwf) thanks for report it @N0tFix3d

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track Bludit

Get notified when new releases ship.

About Bludit

Build a site or blog in seconds. Bludit uses flat-files (text files in JSON format) to store posts and pages.