WordPress Cluster 8.7.0

  • Security Updates
    •  WordPress 5.2.3
      • Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first was a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments.
      • Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect.
      • Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads.
      • Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a vulnerability for cross-site scripting (XSS) in shortcode previews.
      • Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard.
      • Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
      • In addition to the above changes, we are also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions.

You can browse the full list of changes on Trac.

PR: https://github.com/dc-thomson/wordpress/pull/2247

WordPress Cluster 8.6.2

  • Plugins updated
    • Dark Matter 2.0.1
      • Fixed an issue causing `admin-post.php` requests to the Admin domain to be mistakenly redirected to Primary domain.
        • This is one of the request types which is allowed on both the Admin and Primary domains.
      • Fixed the version numbers to this release, 2.0.1, eliminating the beta flags.
      • Improved Dark Matter behaviour for Sites which are not public, archived or deleted in a WordPress Network.
        • This only impacts sites using plugins which locked a site behind a login-gate; i.e. plugins such as More Privacy Options.
        • Improved the logic to prevent incorrect redirects.
          • Stopped Dark Matter mapping domains if the site is archived or deleted.
        • It is worth noting that you may still need to use `darkmatter_allow_logins` depending on your setup.
      • Ensured the 2.0.0 release notes in the readme.txt file accurately reflect all the changes.
      • Added the Network flag to the plugin header, so that Dark Matter can only be activated at the Network-level.
  • Blaize 1.1
    • `[blaize-sailthru-subscribe-links]` – new shortcode to render unsubscribe links for Sailthru lists. By using the Blaize session ID we can determine which newsletters a user has subscribed to and render the relevant links to let them unsubscribe.
    • Added a custom meta box on articles to allow editors to mark content as “Golden”. If marked as golden, a tag is rendered into the HTML
  • MU Plugins added
    • Caching 1.0
      • A collection of simple functions that wrap around transient calls.

PR: https://github.com/dc-thomson/wordpress/pull/2168, https://github.com/dc-thomson/wordpress/pull/2208

WordPress Cluster 8.3.0

  • MU Plugin Updates
    • Performance 1.1.0
      • Performance improvements on the edit screen on sites with ACF disabled.
  • Plugin Updates
    • ESIO Server 3.7.0
      • New ESIO Settings to manage Queue email notifications.
        1. Queue item time threshold (in minutes)
        2. “Queued for longer than 5 minutes” Email Notification Recipients
        3. A cron every five minutes checks the queue.
        4. If the (1) threshold is met an email notification is sent to the (2) specified recipients.
        5. Note: a caveat of the five-minute cron is that a post can occasionally just miss a scheduled run, in which case the notification arrives after the next run.
    • ESIO WebServices 3.2.5
      • Removed dependency on ACF for the editing screen (further work is likely required, but enough has been done for the edit screen to load).
  • Theme Feature Updates
    • Syndicate 1.0.0
      • Contains the theme related parts of syndicate subscriber plugin without needing the latter to be enabled.
  • Developer Related Updates
    • Specify `build/vagrant/Vagrantfile.local.yml` to override performance settings for the local environment. For example:

```yaml
virtualbox:
    cpus: 8
    memory: 4096
    db:
      memory: 4096
```

PR: https://github.com/dc-thomson/wordpress/pull/2074, https://github.com/dc-thomson/wordpress/pull/2120, https://github.com/dc-thomson/wordpress/pull/2114

WordPress Cluster 8.2.5

  • Plugin Updates
    • advanced-custom-fields-pro 5.8.2
    • mailchimp-for-wp 4.5.3
    • post-expirator 2.4.0.1
    • stream 3.4.0
    • wordfence 7.3.5
    • wordpress-seo 11.7

PR: https://github.com/dc-thomson/wordpress/pull/2102, https://github.com/dc-thomson/wordpress/pull/2103