With the release of Jetpack 3.7.1 and 3.7.2 this week, we've added some important security updates and bug fixes. We strongly encourage you to update your sites to the latest version as soon as possible.

In Jetpack 3.7.1 we made a lot of improvements to the software, including some important security updates:

  • Mitigating a potential stored XSS vulnerability in the Contact Form. Thanks to Marc-Alexandre Montpas from Sucuri.
  • Mitigating a potential information disclosure in the software. Thanks to Jaime Delgado Horna of Listae.

Other notable updates in this release include:

  • Updating the Google+ logo in our sharing buttons.
  • Adding custom capabilities for module management for multisite installs.
  • Fixing a bug that was sending the contact form response fields in the wrong order.

In Jetpack 3.7.2, we fixed an error that created multiple drafts and multiple published posts when posting using the REST API.

The full changelog can be found on our plugin page.

Thanks to everyone who contributed to these two releases: Alexander Kirk, Andrew Duthie, Brandon Kraft, Dennis Snell, Derek Smart, Dion Hulse, Eduardo Reveles, Enej Bajgoric, Eric Binnion, George Stephanis, Gregory Cornelius, Igor Zinovyev, James Nylen, Jeremy Herve, Jesse Friedman, Joen Asmussen, Joey Kudish, Kat Hagan, Marcus Kazmierczak, Miguel Lezama, Sam Hotchkiss, and Timmy Crawford.