At Jetpack, we are continuously working to develop a better product for you and your website. This month, we bring the popular Story Block to the web editor, a feature previously exclusive to mobile. This release also includes a fix for a security vulnerability for the Carousel feature.
We consequently encourage you to update all sites that you administer as soon as possible.
Security update for all sites using the Carousel feature
We found a vulnerability in the Carousel feature and its option to display comments for each image. Thank you to nguyenhg_vcs for disclosing this issue to us in a responsible manner.
We have no evidence that this vulnerability has been exploited in the wild. However, now that the update has been released, it is only a matter of time before someone tries to take advantage of this vulnerability.
We consequently invite you to update your version of Jetpack as soon as possible. To help you in this process, we worked with the WordPress.org Security Team to release patched versions of every version of Jetpack since 2.0. Most websites have been or will soon be automatically updated to a secured version.
Versions released today include 2.0.8, 2.1.6, 2.2.9, 2.3.9, 2.4.6, 2.5.4, 2.6.5, 2.7.4, 2.8.4, 2.9.5, 3.0.5, 3.1.4, 3.2.4, 3.3.5, 3.4.5, 3.5.5, 3.6.3, 3.7.4, 3.8.4, 3.9.8, 4.0.5, 4.1.2, 4.2.3, 4.3.3, 4.4.3, 4.5.1, 4.6.1, 4.7.2, 4.8.3, 4.9.1, 5.0.1, 5.1.2, 5.2.3, 5.3.2, 5.4.2, 5.5.3, 5.6.3, 5.7.3, 5.8.2, 5.9.2, 6.0.2, 6.1.3, 6.2.3, 6.3.5, 6.4.4, 6.5.2, 6.6.3, 6.7.2, 6.8.3, 6.9.2, 7.0.3, 7.1.3, 7.2.3, 7.3.3, 7.4.3, 7.5.5, 7.6.2, 7.7.4, 7.8.2, 7.9.2, 8.0.1, 8.1.2, 8.2.4, 8.3.1, 8.4.3, 8.5.1, 8.6.2, 8.7.2, 8.8.3, 8.9.2, 9.0.3, 9.1.1, 9.2.2, 9.3.3, 9.4.2, 9.5.3, 9.6.2, 9.7.1.
If you are running any of these versions, your website is not vulnerable to this issue.
Publish WordPress Stories on the web
With Jetpack 9.8, we make it easier for you to engage with your audience via WordPress Stories by bringing the Story Block to the web block editor.
Stories have become a powerful way to engage audiences on social media. With WordPress Stories, you can combine photos, videos, and text to create an engaging, tappable, full-screen slideshow that your visitors will love. Previously only available on mobile, you can now compose and share beautiful stories within the web block editor.
Other notable improvements and fixes coming with Jetpack 9.8
- We made some backend changes on the Carousel that will improve the page performance.
- Continued preparations for the Full Site Editor coming with WP 5.8 in July.
- Added support for Instagram Reel permalinks to be used as embedded content.
- We will be ending support for the IE 11 web browser starting in two months with our August release.
Come Join us!
We continue to grow and have some exciting open positions available at our parent company Automattic, including in Engineering, Product, Marketing, Business Development, HR, Customer Support, and more.
Work for us, from anywhere: https://automattic.com/work-with-us/
A big thank you to everyone who contributed to this release:
Adrian Moldovan, Allison Levine, Andrew Serong, Andy Peatling, Aurorum, Ben Dwyer, Biser Perchinkov, Bogdan Ungureanu, Brad Jorsch, Brandon Kraft, Brian Colinger, Camilla Krag Jensen, Caroline Moore, Chris R, Damián Suárez, Derek Smart, Donncha Ó Caoimh, Douglas Johnson, Enej Bajgoric, Glen Davies, Grant Kinney, Harris Papazolgou, Jason Moon, Jasper Kang, Jeremy Herve, John Caruso, Kim Brown, Matt Wiebe, Matthew Denton, Miguel Torres, Paul Bunkham, Pierre Gordon, Ramon, Samiff, Sergey Mitroshin, Sérgio Gomes, Steve D, Tom Cafferkey, Tugdual de Kerviler, Yaroslav Kukharuk, annemirasol, dlind1, leogermani, robertf4, stacimc
Explore the benefits of Jetpack
Learn how Jetpack can help you protect, speed up, and grow your WordPress site.
Get up to 50% off your first year.Compare plans
Wow OMG great progress, for everyone, cause Mr. Falah and the whole team that contributed, thank you very much. se/nz (((* L *))
If a site is running an older version, but not using the carousel feature, is it still vulnerable to this issue?
You can rest assured: if the Carousel feature is disabled, your site is not vulnerable to this issue.