Bootstrap NES Changelog
3.4.5 (NES) - June 21, 2024
This release further improves the handling of attribute data used in the Carousel component.
Note: We strongly recommend that you add and use the DOMPurify library in order to get the proper improvements and protection for the Bootstrap NES 3.4.5 packages.
Fixes:
-
carousel: Improve selector extraction from carousel navigation href attributes.
- This fixes a Medium Severity XSS vulnerability (CVE-2024-6484)
Breaking Changes:
- None
3.4.4 (NES) - June 18, 2024
This release improves the handling of attribute data used in several Bootstrap components.
Note: We strongly recommend that you add and use the DOMPurify library in order to get the proper improvements and protection for the Bootstrap NES 3.4.4 packages.
Fixes:
-
alert:
- Improve url/hash extraction logic for href attribute.
-
button:
- This fixes a Medium Severity XSS vulnerability (CVE-2024-6485)
- Improve handling of button state data passed through href and any data-*-text including data-complete-text and data-reset-text.
-
carousel:
- This fixes a Medium Severity XSS vulnerability (CVE-2024-6484)
- Improve selector extraction from carousel navigation href attributes.
- Improve url/hash extraction logic for href attribute.
-
dropdown:
- Improve url/hash extraction logic for href attribute.
-
tab:
- Improve url/hash extraction logic for href attribute.
Breaking Changes:
- None
3.4.3 (NES) - February 16, 2024
This release fixes an issue from Bootstrap NES
v3.4.2 where the minified scripts contained non-relative paths.
Fixes:
-
build: Fix URL paths in minified CSS to be relative to current file instead of
dist/
Breaking Changes:
- None
3.4.2 (NES) - February 1, 2024
This is the initial release of Bootstrap 3.4.x NES. This release contains no functional changes from Bootstrap 3.4.1
Breaking Changes:
- None