Details

WordPress 4.8.2 is now available

WordPress release version 4.8.25.
This is a “Security and Maintenance Release” which introduces no new features, instead it fixes some security and performance issues of the most used CMS worldwide.
In particular these 9 problems are fixed, in addition to 6 performance fixes:

  • $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.
  • A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. 
  • A cross-site scripting (XSS) vulnerability was discovered in the visual editor.
  • A path traversal vulnerability was discovered in the file unzipping code.
  • A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. 
    An open redirect was discovered on the user and term edit screens.
  • A path traversal vulnerability was discovered in the customizer.
  • A cross-site scripting (XSS) vulnerability was discovered in template names.
  • A cross-site scripting (XSS) vulnerability was discovered in the link modal. 

The update is available within the dashboard or at this address.
Who wants to preview the upcoming new release, can test WordPress 4.9 beta 3. Obviously it’s only for testing purposes and must not be installed in production environments.

SWFUpload won’t be supported in the version of WordPress

SWFUpload is a JavaScript library that allows to upload files to a website with advanced features, like multiple selection, progress bar and client file size check. Despite being a novelty at its time, development stopped some years ago and several WordPress releases ago, as a consequence the popular CMS won’t support the library in its next release.
Some plugins that still use SWFUpload won’t be supported anymore, unless they switch to another library:

  • MailPoet 2
  • CodeStyling Localization
  • WP All Import
  • Profile Builder
  • Gallery Grand Flagallery

A complete list of themes and plugins that adopt the library is available at this address. If you use one of them, either change it or contact the developers.

Joomla 3.8.1 is now available

Joomla 3.8.1 has been released, and it’s the last release of the 3.8 family. The next versions, 3.9 and 4.0, will be released simultaneously. There are no new features, as this release focuses on performances and security.
Some minor bugs have been fixed, amongst them:

Let’s briefly recap the news of the previous 3.8 version, released at the beginning of september:

  • New Routing System - The new routing system gives users more control over their URL structure, including the often requested ability to remove IDs from URLs
  • Joomla! 4 Compatibility Layer - The development of Joomla! 4 has made some changes in how the core code is structured by migrating classes to use PHP namespaces. Joomla! 3.8 includes a mapping layer to allow developers to use the older class names while being able to take advantage of the new class name structure.
  • Improved Sample Data Installation - It is now possible to install sample data within your site backend after finishing the installation process, allows users to create their own generic data sets or extension developers to provide easy-to-install sample data for their extensions
  • Sodium Encryption Support - PHP 7.2 introduces the new sodium extension for processing encrypted data, through a polyfill of this library Joomla! 3.8 makes this new API available for all of our users even before they upgrade to PHP 7.2

The Joomla 3.8.1 update is available in the management dashboard or at this address.

Joomla World Conference in Rome, 17-19 november

The Joomla World Conference (JWC) is the annual Joomla conference and, arrived at its sixth edition, it will be held in Europe for the first time.
The city chosen for the event is Rome (Sheraton conference centre), from 17 to 19 november 2017.

The events -presentations, keynotes, workshops and sessions- will be held both in English and Italian with simultaneous translations, and they are aimed to an heterogeneous public: from professionals that work with Joomla everyday to those who don’t know the CMS and would like to understand it and improve their knowledge.
During the 3 days of the conference you can also attend the exams and become Joomla certified. Further information at this address.

Java 9 is now available

Oracle, after releasing a beta version for testing purposes, released version 9 of the Java Development Kit (JDK).
The delay of the release was justified by as “additional time required to move through the JCP process.”
So after three years from the release of Java 8, developers will appreciate the new version which fixes some problems and finally introduces modularization, which was left out in the previous version. Modularization makes Java more scalable and enhances the deployment on devices.
Improvements of the new version are about:

  • Modularity
  • Developer Convenience
  • Strings
  • Diagnostics
  • JVM options
  • Logging
  • Javadoc
  • JavaScript/HTTP
  • Native Platform
  • JavaFX
  • Images
  • Unicode

Further information are available at this site, and at this address you can download Java 9.

More articles from this author