Kirby 2.5.11

Security enhancements

We have been contacted by an independent security research company on Monday (June 25th). They ran penetration tests across Kirby and found possible enhancements to our password hashing. With our ongoing support of PHP 5.4, our password hashing is not as strong as it could be.

Therefor we finally decided to make a cut and remove support for PHP 5.4 with this new release. The minimum version for Kirby 2.5.11 is now PHP 5.6. We will entirely remove support for PHP 5+ with Kirby 3 and move to PHP 7+, but we know that many of you still run on PHP 5+ with v2.

We now use the new and recommended password_hash() and password_verify() functions. All old passwords will automatically be upgraded to the stronger hashes on the next login.

Panel

  • The files > hide:true option in blueprints is now working again
  • A missing avatar folder broke the avatar upload so far. It's now created automatically

Kirby

  • Removed support for PHP 5.4 and 5.5
  • Added support for PHP 7.2

Toolkit

  • Stronger password hashing and verification
  • Removed support for PHP 5.4 and 5.5
  • Added support for PHP 7.2

Our partners

CDN by KeyCDN Search by Algolia

Top