Release 5.2.3 (#3594)

Author: bobvandevijver

CHANGELOG.md

@@ -1,6 +1,18 @@
 Changelog
 =========
 
+## 5.2.3
+
+Released: 2025-08-18
+
+This release includes a security-related fix for new installations. Our thanks to an anonymous report for identifying this issue and disclosing it to us responsibly! 👏🙏
+
+For existing users, please make sure to check your allowed file types. Every file is uploaded as is to a publicly accessible folder, which can be abused if HTML is allowed and the preview function in the Bolt admin panel is used. We recommend limiting the allowed file types as much as possible!
+
+### 🔐 Security related changes
+
+- Flip default for allowed file types (bobvandevijver, [#3593](https://github.com/bolt/core/pull/3593))
+
 ## 5.2.2
 
 Released: 2025-03-10

assets/js/version.js

@@ -1,2 +1,2 @@
 // generated by genversion
-export const version = '5.2.2';
+export const version = '5.2.3';

package-lock.json

@@ -1,6 +1,6 @@
 {
     "name": "bolt",
-    "version": "5.2.2",
+    "version": "5.2.3",
     "homepage": "https://boltcms.io",
     "author": "Bob den Otter <bob@twokings.nl> (https://boltcms.io)",
     "license": "MIT",

package.json

@@ -23,7 +23,7 @@ final class Version
      *   Stable — 3.0.0
      *   Development — 3.1.0 alpha 1
      */
-    public const VERSION = '5.2.2';
+    public const VERSION = '5.2.3';
     public const CODENAME = '';
 
     /**