Skip to content

2.5.1
Compare
Choose a tag to compare
@westonruter westonruter released this 18 Dec 21:17
· 272 commits to develop since this release
2.5.1
273b510
This commit was signed with the committer’s verified signature. The key has expired.
westonruter Weston Ruter
GPG key ID: EA2DF8EF632FBCAE
Expired
Learn about vigilant mode.

This is a maintenance and security release which fixes a reflected XSS vulnerability when mobile redirection is enabled. For prior affected versions, the fix is backported to new patch releases: v2.0.12, v2.1.5, v2.2.5, v2.3.1, and v2.4.3. These are available in the WordPress Plugin Directory but not on GitHub.

For the full list of issues and pull requests in this release, please see the 2.5.1 milestone.

Changelog

  • ⚠️ Fix reflected XSS security vulnerability with mobile redirection is enabled. Props to @anteksiler for responsible disclosure.
  • Prevent validation errors and fix tests caused by the Gutenberg Interactivity API experiment.
  • Fix static analysis errors reported by PHPStan.
  • Improve PHP 8.3 compatibility.

Props

Lovekesh Kumar (@thelovekesh), Maitreyie Chavan (@maitreyie-chavan), Milind More (@milindmore22), Weston Ruter (@westonruter)

Installation

Now available to install via WordPress.org.

You can also install the amp.zip build linked below by uploading it in the WordPress admin.

To install as a Git submodule, consider 2.5.1-built.

Contributors

westonruter, anteksiler, and 3 other contributors
Assets 4
Loading