Some more security patches this month for the release of WordPress 5.2 nicknamed Jaco, named after the jazz musician Jaco Pastorius.

WordPress Forms V2.4.9

  • Added security enhancements. Credit: Jan van der Put and Harm Blankers of REQON Security.
  • Added accessibility enhancements to the date picker in the date field.
  • Added additional information to logging messages for notifications email sending.
  • Added $format parameter to gform_merge_tag_filter filter.
  • Added 'gform_file_upload_status_markup' filter to allow modifying file upload markup while it is being uploaded.
  • Updated created_by entry property to save as an empty value when undefined.
  • Updated Chosen.js to v1.8.7.
  • Updated the source URL to account for query strings in URLs.
  • Fixed and issue with the repeater field where the radio buttons selection disappears when adding a new row.
  • Fixed an issue where filter counts on the form and entry list pages could be set to negative values. Credit: The GravityView team.
  • Fixed an issue where choices property are not correctly reset when changing Post Custom Field input type.
  • Fixed an issue where Hidden Product fields hidden/shown by conditional logic do not have their price correctly reset.
  • Fixed the Enhanced UI on the Option type field not retaining the selected choice.
  • Fixed an issue with files containing special characters not attaching to notifications.
  • Fixed an issue where the default value is not populated for empty inputs when other inputs have dynamically populated values.
  • Fixed an issue where default values are not repopulated into Multi Select fields when they are hidden via conditional logic.
  • Fixed the price not being restored by conditional logic when the single product/shipping field has the unsupported choices property defined.
  • Fixed an issue where datepicker fails to initialize when filtering Date fields in the Entry List filter.
  • API: Fixed a fatal error which occurs when using REST API v2 to get an entry which does not exist.
  • API: Fixed an issue with GFAPI::update_form() when notifications/confirmations are included in the form using indexed arrays.

WordPress SEO V11.2.1

  • Fixes a bug where the metabox would be empty on WordPress versions below 5.0.
  • Fixes a bug where the metabox would be empty when both the classic editor plugin as well as the Gutenberg plugin were installed.

WordPress Supercacher cache system V5.1.2

  • Added support for Recommended by SiteGround PHP Version
  • Improved LazyLoad Support for WooCommerce sites
  • Improved Image Optimization checks
  • Improved PHP Version switching checks
  • Added wp cli status command for checking optimization status
  • Fixed bug with Combine CSS

WordPress Security update V7.3

  • Enhancement: Add Per-Content SSL toggle to the upcoming Block Editor interface.
  • Enhancement: Add filter to the recipients list for email notifications: “itsec_notification_{$notification}_email_recipients” and “itsec_notification_email_recipients”.
  • Enhancement: Add define “ITSEC_DISABLE_TEMP_WHITELIST” to disable the Temporary IP Whitelisting for logged-in administrators.
  • Enhancement: Improve redirecting after processing a login interstitial from a front-end login form.
  • Enhancement: Add loopback IP detection to Security Check.
  • Enhancement: Detect Server IPs in Security Check.
  • Tweak: Add additional safety checks when writing to system config files. This will log a “Critical Issue” when the writing of an empty or partial config file is detected and prevented.
  • Tweak: Improve File Change locking to help prevent failing scans on sites with inconsistent cron scheduling.
  • Tweak: Improve “System Tweaks – Suspicious Query Strings – SQLI” to reduce false positives.
  • Tweak: Improve “System Tweaks – Disable PHP” to block PHP files in apache configurations that serve files with a trailing dot.
  • Tweak: Remove “Seznam Bot” from HackRepair List as it isn’t present in the latest version.
  • Bug Fix: Include Hide Backend token when emailing a password reset URL.
  • Bug Fix: Notification Center – Only send notifications to users with an exact role match of selected roles instead of a fuzzy match based on selected capabilities.
  • Bug Fix: Error when trying to edit reusable blocks with per-post SSL enabled.
  • Bug Fix: Resolve warnings on PHP 5.2.

Friday, May 10, 2019

« Back