Jetpack 4.0.4 is now available for download and includes some important security updates, bug fixes, and improvements. We recommend that you update your sites to the latest version as soon as possible.
We have a number of security updates this release:
- Post By Email: added extra security to prevent unauthorized changes to Post By Email settings. Thank you to Yogesh Modi for the sensible disclosure of this issue.
- Likes: fixed an XSS vulnerability in the Likes module. Thanks to Luciano Corsalini for their prompt disclosure of this issue.
- REST API/Contact Form: fixed to ensure that submitted Feedback forms are not publicly available via the REST API. Thank you to Hugh Forsyth at United World Schools for alerting us to this issue.
We’ve made improvements to the connection process when linking a Jetpack site to WordPress.com and have updated our debug process to make it easier for you to get in touch with our Jetpack Happiness Engineers.
A few more improvements in this release include:
- Multisite: improved Jetpack Connection management in Jetpack’s Network Admin menu for multisite.
- Photon: auto-generate additional srcset options, to improve responsive image support.
- Protect: increased the default timeout to 30 seconds and added a new filter –
jetpack_protect_connect_timeout, – to allow further customization of the Protect timeout from this default.
We’ve fixed a bug in the Jetpack Comments form where the comment form language was always set to English instead of the language used on the site. We’ve now updated this to use the language set on the site. Also updated is the Custom CSS module to properly handle slashes and quotes when saving your CSS in this module.
Those are just a few of the bug fixes in this release. The full changelog can be found on our plugin page.
A big thank you to everyone who contributed to 4.0.4 (a.k.a. “Release Definitely Found”):
Alex Kirk, Biser Perchinkov, Brandon Kraft, Christopher Finke, Daniel Walmsley, David Marshall, Elio Rivero, Eric Binnion, George Stephanis, Igor Zinovyev, James Nylen, Jeremy Herve, Matt Wiebe, Miguel Lezama, Sam Hotchkiss, Terence Eden, Timmy Crawford, Weston Ruter, and Rocco Tripaldi.