Kirby 3.2.3 is here!

It’s time for a new patch release! :rocket:

Improved brute-force protection

This release improves the brute-force protection of the Panel. Unfortunately the protection didn’t trigger when a valid email address, but an invalid password was passed. This bug is now fixed.

We have also made further improvements to the brute-force protection. It now also applies to requests with HTTP Basic Auth. Additionally, it protects better from brute-force attacks carried out by botnets. You can read more about this feature and its limitations in the docs.

It is recommended to upgrade your Kirby 3 installation to Kirby 3.2.3 to benefit from the improved protection.

Thanks to Clemens Prill for reporting the issue.

All changes

  • Fixed user models (#1892)
  • Fixed dimension detection for webp files
  • Fixed Str::split with multi-char separator (#1753)
  • Fixed blueprint option for site title (#1899)
  • Fixed cache prefix with a port in the host address
  • Fixed issue with session cache (#1932)
  • Fixed access of dotted keys in queries (#1939)
  • Email addresses with umlauts are now correctly validated by V::email() and thus also in the panel (#1895)
  • Fixed width and height attributes in video tags (#1875)
  • The manual locale setup warning is now translatable (#1897)
  • Updated translations
  • Support for sorting constants in the sortBy option in sections (#1913)
  • New Collection::sortArgs() method to create sortBy arguments from a string
  • Fixed API error handling on errors without route
  • Optional content lock for virtual pages (#1539
  • Media files are now correctly generated again in multi-site setups
  • Brute-force protection improvements (see above)


How to update

  1. Download the latest version of the kirby folder here:
  2. Unzip it and rename the folder to kirby
  3. Use it to replace your old kirby folder in your installation



Thanks for the mention! I appreciate it a lot!