WordPress Managed - Package updates

girish

[2.18.1]

• Allow .htaccess inside wp-content

girish

[2.18.2]

• Update WordPress to 5.7.1
• Release announcement
• Security updates - exposure vulnerability within the latest posts block and REST API

nebulon

[2.18.3]

• Update WordPress to 5.7.2
• Security update
• Release announcement

nebulon

[2.18.4]

• Allow generation of PDF previews

rmdes

@nebulon any ETA when 5.8 will be available ?

girish

[2.19.0]

• Update WordPress to 5.8
• Release announcement
• Manage Widgets with Blocks
• Display Posts with New Blocks and Patterns
• Edit the Templates Around Posts
• Overview of the Page Structure
• Suggested Patterns for Blocks
• Style and Colorize Images

girish

[2.20.0]

• Update WordPress to 5.8.1
• Make sendmail optional
• Release announcement
• Props @mdawaffe, member of the WordPress Security Team for their work fixing a data exposure vulnerability within the REST API.
• Props to Bentkowski of Securitum for reporting a XSS vulnerability in the block editor.
• The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes.

girish

[2.20.1]

• Update WordPress to 5.8.2
• Release announcement

girish

[2.20.2]

• Update WordPress to 5.8.3
• Release announcement
• Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
• Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
• Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
• Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query (only relevant to versions 4.1-5.8).

girish

[2.21.0]

• Update WordPress to 5.9
• Release announcement
• Full site editing is here
• Say hello to Twenty Twenty-Two theme
• Better block controls
• A revamped List View
• A better Gallery block

girish

[2.21.1]

• Update LDAP plugin to 2.5.1
• Update smtp-mailer to 1.1.3
• Update ldap plugin to 2.4.11

girish

[2.21.2]

• Update WordPress to 5.9.1
• Release announcement

girish

[2.21.3]

• Update WordPress to 5.9.2
• Release announcement

girish

[2.22.0]

• Change the table prefix to wp_. This makes it easier to migrate to the Developer package and is also better supported by plugins.

girish

[2.22.1]

• Update WordPress to 5.9.3
• Release announcement

girish

[2.23.0]

• Update default WordPress to 6.0
• WordPress 6.0 "Arturo"
• Enhanced Writing Experience
• Style Switching
• More Template Choices
• Integrated Patterns
• Additional Design Tools
• Better List View

girish

[2.24.0]

• Update WordPress to 6.0.1
• Release announcement
• Email Display Name support . Please note that you have to set any custom mail from display name in the Email section.

girish

[2.24.1]

• Update WordPress to 6.0.2
• Release announcement
• #56112 – Allow remote pattern registration in theme.json when core patterns are disabled
• #56184 – register_block_type does not recognise “ancestor” block setting
• #56210 – What’s new page design issue in core wordpress
• #56225 – @since 6.1.0 appearing in 6.0.1

girish

[2.24.2]

• Enable mod_ext_filter

girish

[2.24.3]

• Update WordPress to 6.0.3
• Release announcement
• Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
• Open redirect in wp_nonce_ays – devrayn
• Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
• Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue