Releases: ClassicPress/ClassicPress-release
ClassicPress 1.5.0-rc1
ClassicPress 1.5.0-rc1 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.4.4
- PHP 8.0 compatibility 🎉
- Added support for image lazy loading
- Introduced
cp_attributes()for theme usage - Filter plugins that declare ClassicPress compatibility by default
- Add support for
Update URIplugin header - Theme editor now handles modern CSS without reporting errors
- Fresh installs will default to Comments and Avatars disabled
- Deprecate
single_month_title() - Fixed bug in password reset email links affecting some email clients
- Remove
typeattribute from css and JavaScript for HTML5 compliance - Updated PHPMailer
- Updated ID3
- Updated random_compat
- Updated SimplePie
- Many other minor updates, bug fixes and upgrades to development dependencies
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
ClassicPress 1.4.4
ClassicPress 1.4.4 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.4.3
- Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
- Open redirect in wp_nonce_ays – devrayn
- Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
- Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
- CSRF in wp-trackback.php – Simon Scannell
- Stored XSS via the Customizer – Alex Concha from the WordPress security team
- Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
- Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
- Data exposure via the REST Terms/Tags Endpoint – Than Taintor
- Content from multipart emails leaked – Thomas Kräftner
- RSS Widget: Stored XSS issue – Third-party security audit
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
ClassicPress 1.4.3
ClassicPress 1.4.3 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.4.2
This release contains security fixes to match the security changes in WordPress versions 6.0.2 and 4.9.21 (both released earlier this week).
Fariskhi Vidyan for finding a possible SQL injection within the Link API.
Khalilov Moe for finding an XSS vulnerability on the Plugins screen.
John Blackbourn of the WordPress security team, for finding an output escaping issue within the_meta().
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
ClassicPress 1.4.2
ClassicPress 1.4.2 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.4.1
- Update TinyMCE Visual editor to 4.9.11. This was achieved by reapplying the upgrade to TinyMCE 4.9.11, and thoroughly testing for breaking behaviour. Testing did reveal issues in handling Block and other comment containing content that will be addressed in a future release.
- Upgrade PHPMailer. PHPMailer has been updated through several versions to 6.6.3. It contains a minor adjustment which is backwards compatible with any code that calls the PHPMailer files directly. Unit tests have been introduce to ensure the adjustments remain in place on future updates.
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
ClassicPress 1.4.2-rc1
ClassicPress 1.4.2-rc1 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.4.1
- Update TinyMCE Visual editor to 4.9.11. This was achieved by reapplying the upgrade to TinyMCE 4.9.11, and thoroughly testing for breaking behaviour. Testing did reveal issues in handling Block and other comment containing content that will be addressed in a future release.
- Upgrade PHPMailer. PHPMailer has been updated through several versions to 6.6.3. It contains a minor adjustment which is backwards compatible with any code that calls the PHPMailer files directly. Unit tests have been introduce to ensure the adjustments remain in place on future updates.
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
ClassicPress 1.4.1
ClassicPress 1.4.1 is available now - use the "Source code (zip)" file below.
This is a bugfix release coming shortly after our large 1.4.0 release to fix a few issues:
- Make the TinyMCE Visual editor preserve paragraph tags correctly again. This was achieved by reverting the upgrade to TinyMCE 4.9.11, which will be re-introduced once it receives more testing.
- Fix fatal errors when sending emails using PHPMailer. Some plugins are using a non-standard way of loading PHPMailer and related classes, which broke when we upgraded the PHPMailer library to the latest version and we didn't catch this during testing. This was fixed by reverting the upgrade to PHPMailer.
- Fix error when loading the Theme Details dialog. This prevented users from performing various options related to the themes.
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
ClassicPress 1.4.0
ClassicPress 1.4.0 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.3.1
Security updates since 1.3.1
- Security updates from WP 4.9.19 (#898, thanks @mattyrob and WP contributors; see the WP 4.9.19 release notes for more information)
- Security updates from WP 4.9.20 (thanks WP contributors; see the WP 4.9.20 release notes for more information)
New features since 1.3.1
- Allow plugin and theme updates from an uploaded .zip file (#621, #877, #882, #885, thanks @mattyrob and WP contributors)
- Add new ID column to posts/pages/CPTs admin screens, hidden by default (#786, thanks @alvarofranz)
- Add two direct plugin upload links to admin to bypass loading the WP plugin repo (#788, #925, thanks @simplycomputing and @xxsimoxx)
- Upgrade Dashicons to the latest version, making all icons in the Dashicons reference available for ClassicPress plugins (#769, thanks @mattyrob and WP contributors)
- Work towards PHP 8 compatibility (not finished yet; multiple PRs, thanks @mattyrob, @bahiirwa, @KTS915 and WP contributors)
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
Contributors
Assets 2
1.4.0-rc3
ClassicPress 1.4.0-rc3 is available now - use the "Source code (zip)" file below.
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
ClassicPress 1.4.0-rc2
ClassicPress 1.4.0-rc2 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.3.1
- Allow plugin and theme updates from an uploaded .zip file (#621, thanks @mattyrob and WP contributors)
- Add new ID column to posts/pages/CPTs admin screens, hidden by default (#786, thanks @alvarofranz)
- Add two direct plugin upload links to admin to bypass loading the WP plugin repo (#788, thanks @simplycomputing)
- Upgrade Dashicons to the latest version, making all icons in the Dashicons reference available for ClassicPress plugins (#769, thanks @mattyrob and WP contributors)
- Work towards PHP 8 compatibility (not finished yet; multiple PRs, thanks @mattyrob, @bahiirwa, @KTS915 and WP contributors)
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
Contributors
Assets 2
ClassicPress 1.4.0-rc1
DO NOT USE - we quickly discovered a problem with this release and fixed it in 1.4.0-rc2!
More info: ClassicPress/ClassicPress#876 / https://forums.classicpress.net/t/classicpress-1-4-0-rc1-release-notes/3785