Sage 9.0.9 Released

Sage 9.0.9 has been released with Bootstrap 4.3.1 support.

A couple days ago Bootstrap 4.3.0 and Sage 9.0.8 were released, but today Bootstrap released 4.3.1 to patch an XSS vulnerability. Bootstrap 4.3.1 also includes a fix to the new responsive font size mixins that were added in 4.3.0.

To resolve the issue, we’ve implemented a new JavaScript sanitizer to only allow whitelisted HTML elements in data attribute. You may modify our sanitization implementation to customize the HTML element whitelist, totally disable the sanitization, or pass your own sanitize function (useful if you use your own library). However, for added protection, there is no way to modify the sanitization via data attributes—you must modify these plugin options via the JavaScript API.

If you happened to already update to 4.3.0 or created a new project with Sage 9.0.8 and Bootstrap, you can make a one-line change to package.json to get the latest version of Bootstrap:

...
  "dependencies": {
-    "bootstrap": "v4.3.0",
+    "bootstrap": "v4.3.1",
...

After updating package.json, run yarn to update Bootstrap and then continue working on your theme!

Start the discussion on Roots Discourse

Help support our open-source development efforts

Help grow Roots

Join over 6,000 subscribers on our newsletter to get the latest Roots updates, along with occasional tips on building better WordPress sites.

Looking for WordPress plugin recommendations, the newest modern WordPress projects, and general web development tips and articles?

“Easily the best WordPress email I get.” Colin OBrien

Follow us on Twitter @rootswp

Ready to checkout?