Middleman v4.3.7 Release Notes

Release Date: 2020-05-27 // almost 4 years ago
    • 👍 Loosen activesupport dependence (#2327)

      What

      Change the maximum version of activesupport required to be any 5.x version, bringing the dependency back inline prior to it being restricted in commit ea2115f3f87d6e881fe9517dc65735c96735faf3.

      Why

      There is a vulnerability reported in activesupport that is fixed in version 5.2.4.3, which middleman-core does not allow to be used due to its < 5.1 version requirement.

      Prior to commit ea2115f3f87d6e881fe9517dc65735c96735faf3 any 5.x version was allowed because the dependency was defined as ~> 5.0, however in that commit that intended to loosen the minimum dependency it appears the maximum dependency was tightened. There is no explanation in the commit or its related PR (#1976) about this so it could have been an accident.

    • Add empty image alt tag if alt text not specified (#2323)

      Middleman's image_tag helper wraps the Padrino image_tag helper. By default, the Padrino image_tag helper adds an alt tag based on the image filename when one isn't explicitly set.

      Alt text based on the filename is not helpful to users and therefore bad for accessibility.

      To avoid this, explicitly set an empty alt tag value before calling Padrino's image_tag if the user hasn't specified a value.