Bootstrap 3.4.X
NES Release Notes
3.4.5 (NES) - June 21, 2024
Notes
- This release further improves the handling of attribute data used in the Carousel component
Note
We strongly recommend that you add and use the DOMPurify library in order to get the proper improvements and protection for the Bootstrap NES 3.4.5 packages.
Bug Fixes
- carousel: Improve selector extraction from carousel navigation href attributes.
- This fixes a Medium Severity XSS vulnerability (CVE-2024-6484)
3.4.4 (NES) - June 18,2024
Notes
- This release further improves the handling of attribute data used in the several Bootstrap components
Note
We strongly recommend that you add and use the DOMPurify library in order to get the proper improvements and protection for the Bootstrap NES 3.4.5 packages.
Bug Fixes
- alert:
- Improve url/hash extraction logic for href attribute.
- button:
- This fixes a Medium Severity XSS vulnerability (CVE-2024-6485)
- Improve handling of button state data passed through href and any data-*-text including data-complete-text and data-reset-text.
- carousel:
- This fixes a Medium Severity XSS vulnerability (CVE-2024-6484)
- Improve selector extraction from carousel navigation href attributes.
- Improve url/hash extraction logic for href attribute.
- dropdown:
- Improve url/hash extraction logic for href attribute.
- tab:
- Improve url/hash extraction logic for href attribute.
3.4.3 (NES) - February 16, 2024
Notes
- This release fixes an issue from Bootstrap NES v3.4.2 where the minified scripts contained non-relative paths
Bug Fixes
- build: Fix URL paths in minified CSS to be relative to current file instead of dist/
3.4.2 (NES) - February 1, 2024
Notes
- This is the initial release of Bootstrap 3.4.x NES. This release contains no functional changes from Bootstrap 3.4.1