Skip to content

Release history

Bludit releases

Build a site or blog in seconds. Bludit uses flat-files (text files in JSON format) to store posts and pages.

Back to tool Latest release

All releases

12 shown

3.22.0 Security relevant
Security fixes
  • GHSA-q42h-wpg8-5wwf — Invalidate sessions for disabled users
Notable features
  • API enhancements to support the MCP protocol
Full changelog

What's Changed

  • Feat: API improvements to support MCP protocol by @dignajar in https://github.com/bludit/bludit/pull/1707
  • Fix: Invalidate sessions for disabled users (GHSA-q42h-wpg8-5wwf) thanks for report it @N0tFix3d
View release on GitHub
3.21.1 Bug fix

Fixed crash when preview token is not a string.

Full changelog

What's Changed

  • Fix: guard preview token against non-string before hash_equals (#1692) by @dignajar in https://github.com/bludit/bludit/pull/1701
  • Chore: bump version to 3.21.1 by @dignajar in https://github.com/bludit/bludit/pull/1704
View release on GitHub
3.21.0 Security relevant
Security fixes
  • Fixed path traversal vulnerability by validating `pageKey` in the API files endpoint (Reported by Sehwang Kim - AhnLab, Inc.)
Notable features
  • Quick menu for moving between page types
Full changelog

What's Changed

  • Fix: improvements for Dutch by @ltguillaume in https://github.com/bludit/bludit/pull/1682
  • Fix: thumbnails for webp images by @dignajar in https://github.com/bludit/bludit/pull/1683
  • Fix typo by @Grandroot in https://github.com/bludit/bludit/pull/1684
  • Fix: validate pageKey in API files endpoint to prevent path traversal (Reported by Sehwang Kim - AhnLab, Inc.) by @dignajar in https://github.com/bludit/bludit/pull/1687
  • Fix: preview issue #1692 by @dignajar in https://github.com/bludit/bludit/pull/1693
  • Fix: media manager wrong extensions and ghost thumbnails on delete (#1694) by @dignajar in https://github.com/bludit/bludit/pull/1695
  • Chore: fix get user ip by @dignajar in https://github.com/bludit/bludit/pull/1686
  • Chore: refactor dashboard ui and plugin simple stats by @dignajar in https://github.com/bludit/bludit/pull/1689
  • Chore: Ensure that the search term and search URL are html escaped by @bramley in https://github.com/bludit/bludit/pull/1691
  • Chore: improve dashboard ui by @dignajar in https://github.com/bludit/bludit/pull/1697
  • Chore: notes to readme running behind proxy by @dignajar in https://github.com/bludit/bludit/pull/1698
  • Chore: bump version to 3.21.0 by @dignajar in https://github.com/bludit/bludit/pull/1700
  • Feat: move between page types quick menu by @dignajar in https://github.com/bludit/bludit/pull/1696

New Contributors

  • @Grandroot made their first contribution in https://github.com/bludit/bludit/pull/1684
View release on GitHub
3.20.0 Security relevant
Security fixes
  • Fix authenticated RCE via file upload and .htaccess bypass
Notable features
  • Add editorToolbar hook for plugins to inject custom toolbar buttons
Full changelog

What's Changed

  • Fix image description loss in TinyMCE editor by @dignajar in https://github.com/bludit/bludit/pull/1673
  • feat: Add editorToolbar hook for plugins to inject editor toolbar buttons by @dignajar in https://github.com/bludit/bludit/pull/1675
  • Fix authenticated RCE via file upload and .htaccess bypass by @dignajar in https://github.com/bludit/bludit/pull/1674
  • chores: multiples fixes and improvements in parsedown and images helper by @dignajar in https://github.com/bludit/bludit/pull/1677
  • fix: security hardening and user profile field corrections by @dignajar in https://github.com/bludit/bludit/pull/1679
  • chore: update languages dictionaries, update dashboard colors, fix an issue with plugin sorting by @dignajar in https://github.com/bludit/bludit/pull/1680
View release on GitHub
3.19.0 New feature
Notable features
  • Add Flavor theme – minimal Tailwind CSS blog theme
Full changelog

What's Changed

  • Add Flavor theme - minimal Tailwind CSS blog theme by @dignajar in https://github.com/bludit/bludit/pull/1665
  • Add Blog nav link when homepage is set to a static page
  • chore: remove debug error_log from Filesystem::listFiles
  • fix: correct endsWith logic and use random_int in randomText
  • fix: guard dbFields access in getField to avoid undefined property notice
  • fix: add missing space in Location header per RFC 7231
  • fix: respect verifySSL in stream fallback and prioritize REMOTE_ADDR in getIP
View release on GitHub
3.18.4 Security relevant
Security fixes
  • Fixed Authentication Bypass vulnerability
  • Fixed Arbitrary File Upload vulnerability
Notable features
  • Added dribbble and vk SVG icons
Full changelog

What's Changed

  • Security fixes: Authentication Bypass + Arbitrary File Upload. Thanks to Ki1ro for the analysis and the fixes provided.
  • Minor changes in UI for Blog-X theme
  • Add Missing dribbble and vk svg icon #1664
  • TinyMCE remove unsupported plugins
View release on GitHub
3.18.2 Bug fix

Fixed UI bugs in the Search plugin and improved dashboard theme appearance.

Full changelog

What's Changed

  • Update Dutch by @ltguillaume in https://github.com/bludit/bludit/pull/1655
  • Fix: UI Search plugin
  • UI bug fixes and enhance on Dashboard, Alternative and Blog X themes.

Full Changelog: https://github.com/bludit/bludit/compare/3.18.1...3.18.2

View release on GitHub
3.18.1 Bug fix

Fixed bugs #1578 and #1652, added French localization, and made CSS adjustments to the Search plugin.

Full changelog

What's Changed

  • Improvements on Blog-X theme
  • Bug fixes for #1578 and #1652
  • Localize + French translation + CSS adjustments for Search plugin by @jboisseur in https://github.com/bludit/bludit/pull/1653

Full Changelog: https://github.com/bludit/bludit/compare/3.18.0...3.18.1

View release on GitHub
3.18.0 New feature
Security fixes
  • CVE‑2024‑XXXXX – security fixes for issues #1506, #1582, #1613, #1571
Notable features
  • Selectable default status when creating new content
  • Added Youtube and Bluesky to Socials plugin
Full changelog

What's Changed

  • Update Ukrainian localization by @ChernegaSergiy in https://github.com/bludit/bludit/pull/1628
  • Refine Ukrainian localization for night-time context by @ChernegaSergiy in https://github.com/bludit/bludit/pull/1630
  • feat: selectable default status when create new content by @dignajar in https://github.com/bludit/bludit/pull/1631
  • fix: 1594 redirect to autosave by @dignajar in https://github.com/bludit/bludit/pull/1632
  • fix: 1596 custom fields markdown no parse by @dignajar in https://github.com/bludit/bludit/pull/1633
  • chore: #1581 check if session php plugin is installed by @dignajar in https://github.com/bludit/bludit/pull/1635
  • fix: 1578 fix whereAmI on homepage by @dignajar in https://github.com/bludit/bludit/pull/1636
  • fix: 1550 improve image class and rename function by @dignajar in https://github.com/bludit/bludit/pull/1634
  • fix: #1637 #1638 fix Search plugin cache errors for tags and categories by @dignajar in https://github.com/bludit/bludit/pull/1640
  • fix: #1639 use configured numberOfItems instead of hardcoded default in API by @dignajar in https://github.com/bludit/bludit/pull/1642
  • Version plugin: correct information in French translation by @jboisseur in https://github.com/bludit/bludit/pull/1649
  • Socials: + Youtube and Bluesky by @jboisseur in https://github.com/bludit/bludit/pull/1647
  • Add a field to manage TinyMCE context menu options by @jboisseur in https://github.com/bludit/bludit/pull/1646
  • TinyMCE plugin: fix typo in French language file by @jboisseur in https://github.com/bludit/bludit/pull/1645
  • fix: #1643 add setting to enable or disable thumbnail generation by @dignajar in https://github.com/bludit/bludit/pull/1644
  • Version plugin fix by @jboisseur in https://github.com/bludit/bludit/pull/1648
  • fix: #1506 #1582 #1613 #1571 security and bug fixes by @dignajar in https://github.com/bludit/bludit/pull/1650

New Contributors

  • @ChernegaSergiy made their first contribution in https://github.com/bludit/bludit/pull/1628
  • @jboisseur made their first contribution in https://github.com/bludit/bludit/pull/1649

Full Changelog: https://github.com/bludit/bludit/compare/3.17.2...3.18.0

View release on GitHub
3.17.2 Security
Security fixes
  • Fixed session fixation vulnerability
Changelog
  • Security fix for session fixation
  • Languages dictionaries updated
View release on GitHub
3.17.1 Bugfix

Fixed deleting a post from the admin panel.

Full changelog
  • Fix for deleting post from admin panel
  • Minor CSS improvements
  • Changelog from v3.16 to v3.17.0 https://github.com/bludit/bludit/releases/tag/3.17.0
View release on GitHub
3.17.0 Breaking risk
⚠ Upgrade required
  • Minimum PHP version increased to 8.x
Notable features
  • Modernized dashboard and login views
  • Enhanced image upload functionality
  • Updated admin theme styles and layout
Full changelog

Major Features & Improvements:

Updated admin theme styles and layout
Modernized dashboard and login views
Enhanced image upload functionality
Updated core kernel classes
Improved search plugin functionality
Updated SEO plugins (Twitter Cards, OpenGraph)
Enhanced themes (Alternative, BlogX, Popeye)
Modernized installer design

Bug Fixes:

Fixed logo upload filename sanitization for site titles with slashes (#1615)
Ensured tmp directory exists for image uploads (#1608)
Preserved autosave tab after delete (#1594)
Removed uploads symlink on page delete (#1597)
Preserved markdown in custom fields parser (#1596)
Reindexed categories/tags when cache is stale

Version & Compatibility:

Bumped PHP version support to v8.x
Updated to version 3.17.0

View release on GitHub

Beta — feedback welcome: [email protected]