Pods 2.7.12 Security/Maintenance Release
Maintenance Release 2.7.12 is being pushed today to address some issues with User Relationship displays and Currency field sorting.
Dear Pods Users and Developers – We’ve discovered a security vulnerability in Pods that affects all versions of 2.0 and later. The vulnerability affects those using the Extended Users feature, and in certain situations allows unauthorized creation of new users. The vulnerability has been patched in version 2.4.2 and all previous versions of Pods 2.x. …
Release Notes Security Update Reminder (from 1.12): AJAX API calls all utilize _wpnonce hashes, update your customized publicForm / input helper code AJAX (api.php and misc.php expect `wp_create_nonce('pods-' . $action)` usage). Changed: More strictness to the above security update, also setting tighter defaults for security access w/ uploader
Release Notes Important: As with all upgrades, we take them seriously. If you experience any major issues when upgrading to this version from a previous version, immediately contact [email protected] and we’ll help get your upgrade issue figured out (critical bugs only please). Security Update: AJAX API calls all utilize _wpnonce hashes, update your customized publicForm …
Just implemented _wpnonce (See: http://codex.wordpress.org/Wordpress_Nonce_Implementation) for Pods 1.12, which basically means we’re tightening down security even more 😉
Release Notes Security Update: New security settings section in the Pods >> Setup >> Settings tab to restrict access to the File Browser / Uploader used in publicForm — adjust the settings to fit your site if you experience any problems with your File Uploader. Changed: PICK Field Multi-select saving now uses data-value="…" instead of …
Scheduled for next week with Mark Jaquith to go over security and I’ll make sure we’re on the right track with Pods 2.0
Going to contract Mark Jaquith at http://coveredwebservices.com/ for a couple hours of consulting near the end of the month. Going to have him review parts of the plugin to ensure security is top notch.