Download Latest Version
5.3.1 source code.tar.gz (2.0 MB)
Get an email when there's a new version of Kirby
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| 5.2.2 source code.tar.gz | 2026-01-08 | 2.0 MB | |
| 5.2.2 source code.zip | 2026-01-08 | 2.4 MB | |
| README.md | 2026-01-08 | 1.1 kB | |
| Totals: 3 Items | 4.4 MB | 0 | |
[!CAUTION]
🚨 Security
Missing permission checks in the content changes API
CVE ID: CVE-2026-21896 Severity: medium (CVSS score 5.8)
This vulnerability affects all Kirby sites where user permissions are configured to prevent specific role(s) from performing write actions, specifically by disabling the
updatepermission with the intent to prevent modifications to site content.If you haven't configured any user permissions that deviate from the default of allowing all actions, your site is not affected.
🐛 Bug fixes
- Prevent error when calling
Remote::json()with single-value JSON content (e.g. a single string, single int) [#7806] - Fixed
Kirby\Toolkit\Domfor newer libxml versions [#7802] - Writer field: fixed inline toolbar position on views without Panel menu [#7799]
$collection->group(callable)should accept empty string result as key [#7830]- Fixed filename field bug in upload dialog [#7662]
♻️ Refactored
- Reset
$_SERVERmanipulation in tests [#7807]
