WordPress Managed - Package updates

girish

You can use this thread to track updates to the managed WordPress package.

Please open issues in a separate topic instead of replying here.

girish

Pushed a new 'Managed WP' package version 2.10.0 now:

• WordPress has been updated to version 5.4.1
• Now uses PHP 7.3

girish

Pushed a new 'Unmanaged WP' package version 2.2.0 that installed WP 5.4.1 by default.

girish

Both managed and unmanaged WP got updates to install the missing php-imagick

girish

[2.10.2]

• Update WordPress to 5.4.2
• Release post
• Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
• Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
• Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
• Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
• Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
• Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

girish

[2.11.0]

• Update authLdap to 2.4.2
• Fix manifest screenshots, forum url and post install

girish

[2.11.1]

• Update WP Mail STMP to 2.2.1
• Update themes and plugins to latest version on first run

girish

[2.12.0]

• Update WordPress to 5.5 "Eckstine"
• Release post
• Make php.ini customizable via /app/data/php.ini
• Fix bug where the CLI tool was served up in the "/wp" path
• Posts and pages feel faster, thanks to lazy-loaded images.
• Say hello to your new sitemap.
• Highlights from the block editor
• Server-side registered blocks in the REST API

girish

[2.12.1]

• Update WordPress to 5.5.1
• Update smtp plugin to 2.3.1
• Make wp-admin without trailing slash work

rmdes

This post is deleted!

girish

[2.13.0]

• Update PHP to 7.4

girish

[2.14.0]

• For new installations, always create an admin user. Cloudron users get 'editor' role by default.
• Update WP Mail SMTP to 2.5.0
• Log the real IP
• Use mod_rpaf
• Enable FTP

girish

[2.14.1]

• Update WordPress to 5.5.3
• Release blog

girish

[2.15.0]

• Install ioncube load extension
• Update WP Mail SMTP to 2.5.1

girish

[2.16.0]

• Update WordPress to 5.6. "Simone"
• Release post
• Greater layout flexibility
• More block patterns
• Better video captioning
• Twenty Twenty-One is here!
• Expanding auto-updates
• Accessibility Statement

girish

[2.16.1]

• Update wp-redis and wp-smtp plugins to latest in the default installation
• Rename authLdap plugin to authldap, so that upgrade works via WP dashboard

girish

[2.16.2]

• Update WordPress to 5.6.1
• Release announcement
• #51056: Fetch_feed parsing of permalinks triggers simplepie preg_match warnings
• #52327: Requested updates to the PHP Update Alert
• #51940: The schema for the taxonomy property of a term in the REST API should not include all taxonomies
• #51980: App Passwords: ‘Add New Application Password’ submit button is hidden on mobile devices in ‘User Profile’ page
• #51995: WordPress 5.6: Classic editor menu is not sticky
• Update wp-redis and wp-smtp plugins to latest in the default installation

girish

[2.17.0]

• Update base image to v3
• use smtp mailer instead of wp-mail-smtp

girish

[2.17.1]

• Update WordPress to 5.6.2
• Release announcement
• #52440: Prevent the “Leave site” browser alert in Classic Editor when post title, excerpt, or post content fields are missing.
• #52396: Image options are not visible in pop up when the clicking replace button from Image block.
• #52449: Can’t change font size the 5.6.1 paragraph block.

girish

[2.17.2]

• Update wp-mail-smtp plugin which allows changing Mail From without having to re-enter password