It’s time for a new patch release!
Improved brute-force protection
This release improves the brute-force protection of the Panel. Unfortunately the protection didn’t trigger when a valid email address, but an invalid password was passed. This bug is now fixed.
We have also made further improvements to the brute-force protection. It now also applies to requests with HTTP Basic Auth. Additionally, it protects better from brute-force attacks carried out by botnets. You can read more about this feature and its limitations in the docs.
It is recommended to upgrade your Kirby 3 installation to Kirby 3.2.3 to benefit from the improved protection.
Thanks to Clemens Prill for reporting the issue.
- Fixed user models (#1892)
- Fixed dimension detection for webp files
Str::splitwith multi-char separator (#1753)
- Fixed blueprint option for site title (#1899)
- Fixed cache prefix with a port in the host address
- Fixed issue with session cache (#1932)
- Fixed access of dotted keys in queries (#1939)
- Email addresses with umlauts are now correctly validated by
V::email()and thus also in the panel (#1895)
- Fixed width and height attributes in video tags (#1875)
- The manual locale setup warning is now translatable (#1897)
- Updated translations
- Support for sorting constants in the
sortByoption in sections (#1913)
Collection::sortArgs()method to create sortBy arguments from a string
- Fixed API error handling on errors without route
- Optional content lock for virtual pages (#1539
- Media files are now correctly generated again in multi-site setups
- Brute-force protection improvements (see above)
How to update
- Download the latest version of the kirby folder here: https://github.com/getkirby/kirby/archive/3.2.3.zip
- Unzip it and rename the folder to
- Use it to replace your old kirby folder in your installation