Hey everyone,
we are moving on with v4 and v5 today:
Kirby 4.8.0
https://github.com/getkirby/kirby/releases/tag/4.8.0
Kirby 5.0.0-rc.3
https://github.com/getkirby/kirby/releases/tag/5.0.0-rc.3
While 4.8.0 is mostly a bugfix and housekeeping release, it is closely connected to 5.0.0 with a security enhancement that we are releasing in two steps.
We’ve added a new option in 4.8 to disable clean file redirects to original files in your content folder. Currently, you can access the original file (rather than a generated thumbnail) via the URL https://yourdomain.com/some-page/some-file.jpg, which redirects you to the full file URL in the media folder. This is useful when you need clean URLs for your files and in most projects this is probably a no-brainer. However, depending on your files and filenames, such URLs could be guessable and your original files should be private. If you want to add an extra layer of protection for your original files, you can now disable this feature.
return [
'content' => [
'fileRedirects' => false
]
];
If you only want to switch it off for individual files, you can also pass a function.
return [
'content' => [
'fileRedirects' => function ($file) {
if ($file->filename() === 'supersecret.jpg') {
return false;
}
return true;
}
]
];
In 5.0.0, this option is set to false by default. Let us know if you have questions about this!
Where do we stand with v5?
The RC phase is still going well and your feedback and issues are helping us tremendously. We have a couple regressions here and there but nothing too brutal so far. Please keep us updated if you find something!
There’s also still good progress on the plugin compatibility side. We are carefully optimistic that we can stick to our plan to launch v5 this month.