So we have our security patch for WordPress 5.4.2 as expected. We have also patched the SG Cacher plugin, which was creating issues with cache reloading after this update. Basically, the SG cache system was not allowing the database to wipe stored files after a page update or post update. This has now been rectified. This security and maintenance release features 23 fixes and enhancements. It also adds a number of security fixes; see the list below.

These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them.

WordPress 5.4.2

  • Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
  • Props to Luigi (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
  • Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
  • Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
  • Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
  • Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

WordPress SEO V14.4

  • Fixes a bug where replacement variable values would break the Google Preview and output a PHP notice on the front end if they were a serialized array string.
  • Fixes a bug where a property that was changed from private to public on WPSEO_Schema_Article would lead to a backward compatibility break.
  • Fixes a bug where the site logo would not be output in the schema when a CDN was used for images. Props to gr8shivam.
  • Fixes a bug where the Facebook Debugger link was outdated. Props to eliorivero.
  • Fixes a bug where a lot of delete queries would be performed after clearing all indexables from the database.
  • Fixes a bug where the indexables indexing warning would be visible to users with non-admin roles.

iThemes Security V7.6

  • Breaking Change: iThemes Security requires PHP 5.5 or later.
  • New Feature: iThemes Security now includes Security Check Pro to automatically and correctly determine your visitors' IP addresses. Enable this scan by running Security Check and opting in to Security Check Pro, or activate the Security Check Pro module in Advanced Modules. H/t Jeremy Voisin.
  • Enhancement: Run Security Check Pro IP Detection automatically once a day.
  • Enhancement: Manually re-run Security Check Pro IP Detection from the Global Settings page.

SG Cacher V5.5.7

  • Improved Memcached Integration
  • Added protection for objects too big to be stored in Memcached
  • Improved JS and CSS Combination Exclude List
  • Improved Lazy Load functionality
  • Improved Image Optimization for sites using CDN

 



Friday, July 3, 2020


