WordPress 5.1.1 is now available! This security and maintenance release introduces 14 fixes and enhancements.

This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting. WordPress versions 5.1 and earlier are affected by these bugs, which are fixed in version 5.1.1.

Other highlights of this release include:

  • Hosts can now offer a button for their users to update PHP.
  • The recommended PHP version used by the “Update PHP” notice can now be filtered.
  • Several minor bug fixes.

WordPress Security V7.3.2

  • Tweak: Allow the log description column to word break for URLs or other strings with no spaces.
  • Bug Fix: Hide Backend bypass on certain Apache configurations.
  • Bug Fix: Properly return error that occurs during a backup.
  • Bug Fix: Regex warning on PHP 7.3 in the File Change module.
  • Bug Fix: Resolve warning when a user is set to “No Role”.

WordPress caching and speed V5.1.1

  • Improved cache invalidation for combined styles
  • Cache purge from the admin bar now handles combined files too
  • Added filter to exclude images from Lazy Loading
  • Added filter to exclude pages from HTML Minification
  • Added Filter to query params from HTML Minification
  • Added PHP 7.3 support

User role editor V4.5

  • PHP version 5.5 was marked as required.
  • Update: General code restructure and optimization.
  • Update: URE_Base_Lib::get_blog_ids() returns null, if it’s called under WordPress single site (not multisite).
  • Update: URE_Editor::prepare_capabilities_to_save() : “Invalid argument supplied for foreach()” warning was excluded in case there was no valid data structures initialization.
  • Update: ‘administrator’ role protection was enhanced. URE always does not allow to revoke capability from ‘administrator’ role. That was possible earlier after the ‘administrator’ role update.
  • Update: 2 new actions ‘ure_settings_tools_show’ and ‘ure_settings_tools_exec’ allows to extends the list of sections available at the Settings->User Role Editor->Tools tab.

WordPress Forms V2.4.6

  • Added security enhancements.
  • Added aria-describedby to some single input fields including: Consent, Text, Textarea, and Website.
  • Updated link in disable logging notice to immediately disable logging.
  • Fixed an accessibility issue with the total field where screen readers don't announce the total amount when it changes.
  • Fixed multi-column List fields within Repeater fields appearing as Array during export.
  • Fixed a fatal error which can occur when using GFFormsModel::media_handle_upload() to upload a video file to the media library.
  • Fixed an accessibility issue with the color contrast of the character counter on a white background.
  • Fixed character counter not announcing updated character limit to screenreaders on fields with a maximum character count defined.
  • Fixed the replacement method name in the GFFormsModel::purge_expired_incomplete_submissions() deprecation notice.
  • Fixed an issue with the default symbols for the Repeater field buttons and removed the title attribute.
  • Fixed the placeholder option not being added to drop down type fields when the placeholder is 0.
  • Fixed an issue with some Address field sub-labels when the form is displayed.
  • Fixed the input mask type setting reverting to the standard choice after some custom masks are configured.
  • Fixed an issue that frontend feeds can't be activated after the conditional logic is disabled.
  • Removed "Not Checked" rule for the consent field in conditional logic JS. Use "not is" "checked" instead.
  • Fixed issue where conditionally hidden Drop Down fields were evaluated as having a value via conditional logic.
  • Fixed an issue where use of some special characters, such as quotes, in the List field column label could prevent submission of the input value.
  • Fixed an issue with the Rich Text Editor height when the Paragraph or Post Body field is displayed by conditional logic.
  • Fixed some properties not being reset when the Product field input type is changed causing issues for the front-end calculations and conditional logic.
  • API: Added GFAPI::entry_exists() to check if an entry exists for the supplied ID.
  • API: Fixed returning repeater subfields via GFAPI::get_field()
  • API (internal): Added GFExport::get_entry_export_line() for getting the line to be included in the export for the entry being processed.
  • API (internal): Added support for IS/IS NOT NULL operations in GF_Query.

WordPress SEO V10.0

  • Fixes a bug where the focus keyphrase snippet variable was not correctly applied on term pages.
  • Fixes a bug where the Facebook image that was set for the WooCommerce Shop page would not be outputted as og:image.
  • Fixes a bug where the featured image set on a WooCommerce Shop page would not be outputted as Facebook OpenGraph Image or Twitter Image.
  • Fixes a bug where backslashes and consecutive double quotes would be removed from the focus keyphrase when saving a post or term.
  • Fixes a bug where backslashes would be removed from the breadcrumb title, focus keyphrase, title or meta description when saving a term.

Sunday, March 10, 2019

« Back