Bludit

Productivity & Wikis

A simple, fast, and flexible flat‑file CMS for building websites or blogs without a database

PHP · Latest 3.22.0 · 23d ago

Features

  • Stores content in JSON files (no database required)
  • Supports both Markdown and HTML for content creation
  • Lightweight and easy to install on any PHP web server

Recent releases

View all 12 releases →
3.22.0 Security relevant
Security fixes
  • GHSA-q42h-wpg8-5wwf — Invalidate sessions for disabled users
Notable features
  • API enhancements to support the MCP protocol
Full changelog

What's Changed

  • Feat: API improvements to support MCP protocol by @dignajar in https://github.com/bludit/bludit/pull/1707
  • Fix: Invalidate sessions for disabled users (GHSA-q42h-wpg8-5wwf), thanks to @N0tFix3d for reporting it
3.21.1 Bug fix

Fixed crash when preview token is not a string.

Full changelog

What's Changed

  • Fix: guard preview token against non-string before hash_equals (#1692) by @dignajar in https://github.com/bludit/bludit/pull/1701
  • Chore: bump version to 3.21.1 by @dignajar in https://github.com/bludit/bludit/pull/1704
3.21.0 Security relevant
Security fixes
  • Fixed path traversal vulnerability by validating `pageKey` in the API files endpoint (Reported by Sehwang Kim - AhnLab, Inc.)
Notable features
  • Quick menu for moving between page types
Full changelog

What's Changed

  • Fix: improvements for Dutch by @ltguillaume in https://github.com/bludit/bludit/pull/1682
  • Fix: thumbnails for webp images by @dignajar in https://github.com/bludit/bludit/pull/1683
  • Fix typo by @Grandroot in https://github.com/bludit/bludit/pull/1684
  • Fix: validate pageKey in API files endpoint to prevent path traversal (Reported by Sehwang Kim - AhnLab, Inc.) by @dignajar in https://github.com/bludit/bludit/pull/1687
  • Fix: preview issue #1692 by @dignajar in https://github.com/bludit/bludit/pull/1693
  • Fix: media manager wrong extensions and ghost thumbnails on delete (#1694) by @dignajar in https://github.com/bludit/bludit/pull/1695
  • Chore: fix get user ip by @dignajar in https://github.com/bludit/bludit/pull/1686
  • Chore: refactor dashboard ui and plugin simple stats by @dignajar in https://github.com/bludit/bludit/pull/1689
  • Chore: Ensure that the search term and search URL are html escaped by @bramley in https://github.com/bludit/bludit/pull/1691
  • Chore: improve dashboard ui by @dignajar in https://github.com/bludit/bludit/pull/1697
  • Chore: notes to readme running behind proxy by @dignajar in https://github.com/bludit/bludit/pull/1698
  • Chore: bump version to 3.21.0 by @dignajar in https://github.com/bludit/bludit/pull/1700
  • Feat: move between page types quick menu by @dignajar in https://github.com/bludit/bludit/pull/1696

New Contributors

  • @Grandroot made their first contribution in https://github.com/bludit/bludit/pull/1684
3.20.0 Security relevant
Security fixes
  • Fix authenticated RCE via file upload and .htaccess bypass
Notable features
  • Add editorToolbar hook for plugins to inject custom toolbar buttons
Full changelog

What's Changed

  • Fix image description loss in TinyMCE editor by @dignajar in https://github.com/bludit/bludit/pull/1673
  • feat: Add editorToolbar hook for plugins to inject editor toolbar buttons by @dignajar in https://github.com/bludit/bludit/pull/1675
  • Fix authenticated RCE via file upload and .htaccess bypass by @dignajar in https://github.com/bludit/bludit/pull/1674
  • chores: multiple fixes and improvements in parsedown and images helper by @dignajar in https://github.com/bludit/bludit/pull/1677
  • fix: security hardening and user profile field corrections by @dignajar in https://github.com/bludit/bludit/pull/1679
  • chore: update languages dictionaries, update dashboard colors, fix an issue with plugin sorting by @dignajar in https://github.com/bludit/bludit/pull/1680
3.19.0 New feature
Notable features
  • Add Flavor theme – minimal Tailwind CSS blog theme
Full changelog

What's Changed

  • Add Flavor theme - minimal Tailwind CSS blog theme by @dignajar in https://github.com/bludit/bludit/pull/1665
  • Add Blog nav link when homepage is set to a static page
  • chore: remove debug error_log from Filesystem::listFiles
  • fix: correct endsWith logic and use random_int in randomText
  • fix: guard dbFields access in getField to avoid undefined property notice
  • fix: add missing space in Location header per RFC 7231
  • fix: respect verifySSL in stream fallback and prioritize REMOTE_ADDR in getIP

About

Stars: 1,428
Forks: 331
Languages: PHP, JavaScript, CSS

Install & Platforms

Install via: docker, binary
