Category: WordPress Cluster

• Improving the JSON Feeds WPC shortcode
• Adding JSON Feeds CSS to Blocks and Blocks-based child themes:
  • The Courier
  • Energy Voice
  • Evening Express
  • Evening Telegraph
  • Press and Journal
  • Sunday Post
• Cluster Analytics
  • Removed wp_head hook so that it is not rendered out on the frontend.
  • Remains on the admin and login screens.

PR:  https://github.com/dc-thomson/wordpress/pull/2269
https://github.com/dc-thomson/wordpress/pull/2275

Removing redundant Selkie (original) theme.

PR: https://github.com/dc-thomson/wordpress/pull/2259

• Plugins updated;
  • Blaize 1.3
    • Move Blaize logout functionality into WP.
    • Clear user cache on Blaize logout.
• MU Plugins patching
  • Added a 1500ms delay before an AJAX request is fired for a media search.

https://github.com/dc-thomson/wordpress/pull/2246, 2258, 2257

• Security Updates
  •  WordPress 5.2.3
    • Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments.
    • Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect.
    • Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads.
    • Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a vulnerability for cross-site scripting (XSS) in shortcode previews.
    • Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard.
    • Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
    • In addition to the above changes, we are also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions.

You can browse the full list of changes on Trac.

PR: https://github.com/dc-thomson/wordpress/pull/2247

• Plugins updated
  • ESIO3 Server 3.8.1
    • Todos added for later improvements.
    • Simplified post ranking logic (no change).
    • Improved help text for “Subbed” Post Status Name‘ setting.
  • ESIO3 Web Services 3.2.7
    • Corrected setting priority (no change) more in line with others.
    • Improved ‘Disable Queue?’ setting punctuation marks, in line with other YesNo Fields
  • Blaize 1.2
    • Ensured jQuery.cookie library is included.
    • Added some additional error handling

• Plugins added
  • Sailthru – Subscribe / Unsubscribe 1.0
    • Listen for existing Preference centre links and unsubscribe a user from Sailthru automatically (a temporary solution until new preference centre is completed)

PR: https://github.com/dc-thomson/wordpress/pull/2236

• Platform update
  • CORE-1467 Per site object caching and flushing.

PR: https://github.com/dc-thomson/wordpress/pull/2223

• Platform update
  • CORE-1467 Per site object caching and flushing.

Developers Note

Each site now has a per site cache. To prevent any flushes affecting all sites,  please add the following code after the line containing WP_REDIS_PASSWORD:

define( 'WP_REDIS_SELECTIVE_FLUSH', true );

 

PR: https://github.com/dc-thomson/wordpress/pull/2221

• Plugins Update
  • ElasticPress (WordPress Cluster) 1.3.3
    • Added missing wpc_ep_activate_feature(). Thanks Graeme for the report.
• Platform update
  • CORE-1467 Per site object caching and flushing.
    
    • Reverted

Developers Note

To test accurately against production settings, please add the following code after the line containing WP_REDIS_PASSWORD:

define( 'WP_REDIS_SELECTIVE_FLUSH', true );

 

PR: https://github.com/dc-thomson/wordpress/pull/2066; https://github.com/dc-thomson/wordpress/pull/2213