Maintenance Update 10.6
WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5:
- Don't treat
localhostas same host by default.
- Use safe redirects when redirecting the login page if SSL is forced.
- Make sure the version string is correctly escaped for use in generator tags.
We also have updated a number of plugins also:
WordPress stats jetpack V6
- Admin Page: Fixed Dashboard connection card from showing text that overflows the card.
- Admin Page: Fixed directory separator character used when displaying the site URL on the disconnect dialog.
- Admin Page: Fixed an issue by which clicking the back button on a page visited after the Admin Page would result in the Admin Page being rendered with cached data.
- Admin Page: Don’t show a Set Up button when searching for modules that are inactive in Jetpack Settings page. The Set Up button is meant for paid features coming from plugins.
- Admin Page: Make it clear when tracking begins in the connetion dialog.
- Admin Page: Hide the date range tabs when the initial dialog is shown.
- Admin Page: Fixed the positioning of popovers in the Jetpack Settings page.
- Admin Page: Fixed a bug with the Ads settings toggle.
- Admin Page: Fixed a display issue for the custom user capability “jetpack_connect”.
- Admin Page: Made sure translations are properly applied to several phrases.
- Connection Banner: Updated style to better fit wide screens.
- Connection Banner: Added illustration SVGs.
- Contact Form: Fixed width style of input for Website address.
- Google Analytics: fix PHP notice on search pages.
- Infinite Scroll: Fixed issues where the first was being duplicated on scroll.
- Likes: Made manually enabled likes remain being likeable if Likes are enabled for all posts
- Search: Added default values for the Search widget so it can be added from the Customizer.
- Settings: Fixed overflow/overlap when there are many ignored phrases in spelling options.
- Settings: Updated SEO/analytics links to avoid unnecessary redirects.
- Stats: Fixed column spacing styling issues in WP Dashboard box for Jetpack stats.
- VaultPress: Remove menu item that links nowhere when Rewind is enabled.
- Widgets: Fixed issue with custom URL choice and selective refresh in the EU Cookie Law widget.
- WooCommerce Analytics: Fixed PHP warning coming from str_replace usage.
- WooCommerce Analytics: Started tracking all possible ways to add a product to a cart.
WordPress Yoast SEO V7.2
Fixes a bug where the Facebook app-id could no longer be set in the Social settings.
* Fixes a bug where existing Yoast SEO data could be overwritten when importing data from All in One SEO Pack.
* Fixes a bug where the Ryte notification is not removed when disabling the Ryte feature.
* Fixes a bug where setting a page to
wpseo_robotsfilter did not properly remove the
* Fixes a bug where attachments connected to password-protected parents are included in the sitemaps.
* Fixes alignment of the
Monday, April 2, 2018