We’re happy to announce the release of ClassicPress 2.7.0.
This is a security, feature and maintenance release.
New Features
- Added core support option for APCu object cache
- Converted core widgets to vanilla JavaScript
- Introduced more Performant Translations
- Add view transitions throughout Admin
Security Fixes
- A Blind SSRF issue reported by sibwtf, and subsequently by several other researchers while the fix was being worked on
- A regex DoS weakness in numeric character references reported by Dennis Snell of the WordPress Security Team
- A stored XSS in nav menus reported by Phill Savage
- An AJAX query-attachments authorization bypass reported by Vitaly Simonovich
- A stored XSS via the data-wp-bind directive reported by kaminuma
- An XSS that allows overridding client-side templates in the admin area reported by Asaf Mozes
- A PclZip path traversal issue reported independently by Francesco Carlucci and kaminuma
- An XXE in the external getID3 library reported by Youssef Achtatal
Minor changes and bugfixes since 2.6.0
- Fixed typo in deprecated argument message
- Ensure custom comment form fields appear for logged-in users
- Show audio and video files when loaded to widgets by URL
- Updated CA bundle to v1.5.10
- Fixed text in Media library grid view Help tab
- Fixed The ClassicPress Theme mobile nav menu and add i18n
- Upgraded SimplePie to 1.9.0
- Improved clone ID handling in widget drag-and-drop
- Refactored APCu object cache setting with handler class
- Added polyfills for two block-related functions
- Added admin notice to use ClassicPress directory plugin
- Added focus check before hiding theme actions
- Revise logic for plugin compatability notices and consider tags
- Reverted inadvertent changes to plupload.js
- Fixed console errors in Customizer file selectors
- Enable APCu caching when
cp_object_cacheoption is created - Added Link Manager and APCu options in schema.php
- Instantiate JavaScript in inactive Text and Custom HTML widgets
- Added visibility to WP hosted plugins tagged “ClassicPress”
- Removed unnecessary dependency handling for non-included packages
- Fixed Attachment Details Modal layout when ACF plugin is active
- Show categories and tags by name in Media modals
- Fixed backward compatibility of
fetch_feed() - Updated PHPMailer to 7.0.0
- Improved contextual help in Menu, Settings and Upgrade screens
- Updated CodeMirror to latest v5 version
- Added polyfill for
do_blocks() - Fixed display issue of Attachment Details modal on small screens
- Show Directory Integration message in About screen conditionally
- Show categories and tags name in Edit screen media modals
- Fixed strings for Autosave type in Revisions
- Fixed warning in Media when attached post is deleted
- Fixed WP-CLI issues with APCu object cache enabled
- Updated position input field after Menu item drag and drop
- Fixed blocks compatibility notices on Win filesystem
- Fixed ID column display in Revisions page on small screens
- Fixed string in recovery mode email
- Updated footer layout in revisions modal
- Moved search box above tables in admin on small screens
- Prevent scaling issues on featured images in Twenty Seventeen
- Added homepage widget area in The ClassicPress Theme
- Updated
The ClassicPress Themetemplate files - Bumped
The ClassicPress Themeversion to v1.2.0 - Respect reduced motion settings in View Transitions in admin
- Initialize Thickbox variables to prevent ReferenceError
- Improved Theme Search bar placement in admin on small screens
- Updated template files in
The ClassicPress Theme - Bumped Twenty Seventeen Theme version to 99.3.1
- Fixed HTML in search and 404 templates in
The ClassicPress Theme
Build and Testing Changes
- Exclude legacy certificate file from release checks
- Introduced FileSystem unit tests
- Refactored and simplified
webpackbuild processes - Reduced thresholds for object cache threshold tests
- Extended eslinting to webpack files
- Switched to shogo82148/actions-setup-mysql GitHub Action
- Added MariaDB testing and introduced reusable testing
Deprecation notices
Contributors
In no particular order the following people have contributed to this ClassicPress release:
ClassicPress props
Matt Robinson, Simone Fioravanti, Tim Kaye, David Baumwald, Guido, Jonathan Desrosiers, Sergey Biryukov, Peter Wilson, Pascal Birchler, Colin Stewart, Weston Ruter, Felix Arntz, Jb Audras, Ciprian Popescu.
ClassicPress committers (in random order)
Matt Robinson, Tim Kaye, Simone Fioravanti, AlecK, Guido, Joseph, Elisabetta Carrara, Fabian Wolf, Ciprian Popescu.
WordPress committers
David Baumwald, Jonathan Desrosiers, Sergey Biryukov, Peter Wilson, Pascal Birchler, Colin Stewart, Weston Ruter, Felix Arntz, Jb Audras.
WordPress props
maorb, valendesigns, CarlSteffen, swissspidy, rachelbaker, kushsharma, abcd95, iamadisingh, oglekler, welcher, david.binda, davidbaumwald, SergeyBiryukov, sabernhardt, azaozz, peterwilsoncc, kaygee79, TobiasBg, caraffande, costdev, zunaid321, dfavor, afragen, flixos90, afercia, aristath, poena, mukesh27, javiercasares, aslamdoctor, wildworks, SirLouen, mindctrl, kalpeshh, yashjawale, sachinrajcp123, sanchothefat, westonruter, vietcgi, ayeshrajans, jrf, dd32, joemcgill, akirk, audrasjb, jorbin, sukhendu2002, iandunn, nacin, mark-k, dilipbheda, agulbra, Ipstenu, JeffMatson, lukecavanagh, Otto42, MattyRob, desrosj, amieiro, Chrystl, Chouby, joedolson, muryam, ozgursar, presskopp, iflairwebtechnologies, John Blackbourn, jonsurrell, adamsilverstein, WraithKenny, rafa8626, netweb, JarretC, mrfoxtalbot, dkotter, solankisoftware.
Download this release
| New sites | DownloadClassicPress-release-2.7.0.zipand follow the installation instructions. |
|---|---|
| Existing WordPress sites | Download the migration plugin and follow the migration instructions. |
| Existing ClassicPress sites | Use the built-in update mechanism (more info). |
Full changelog
The full changelog is available on GitHub.