Skip to content

WinterCMS

v1.2.12 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 3mo Dashboards & Home Pages
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

cms cms-platform laravel php winter wintercms

Summary

AI summary

Added protection against privilege escalation attack from authenticated backend users.

Full changelog

UX/UI Improvements

  • Added support for tel form field.

Bug Fixes

  • Fixed z-index on MediaManager move dropdown.
  • Fixed support for config properties on URL fields.
  • Fixed issue where dynamically extending a class to add behaviors could fail if the behavior had been added before.

Security Improvements

  • Added protection against privilege escalation attack from authenticated backend users.

Performance Improvements

  • Moved Vite rendering to {% styles %} Twig tag instead of {% scripts %} to prevent FOUC.

Dependencies

  • Improved support for PHP 8.4.

Full Changelog: https://github.com/wintercms/winter/compare/v1.2.11...v1.2.12

Security Fixes

  • Added protection against privilege escalation attack from authenticated backend users
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track WinterCMS

Get notified when new releases ship.

Sign up free

About WinterCMS

Speedy and secure content management system built on the Laravel PHP framework.

All releases →

Related context

Beta — feedback welcome: [email protected]