This is a Security focused release A security issue was responsibly reported and this release hardens security so that we properly enforce safe URLs for the Pods form submission confirmation page URLs. Security hotfixes are now available Are you running an older version of Pods? A special release has been prepared for each major version …
Now that our usage chart is looking much more colorful after the new major releases we’ve put out in the past two years, it’s time to revisit EOL security support on them. We have an official security policy in place which explains which versions are supported and which are EOL. Currently any version below Pods 2.7 is …
What’s new in Pods 3.1? This is a Security focused release While this release is meant to be as backwards compatible as possible, some aspects of security hardening may require manual intervention by site owners and their developers. Having trouble upgrading? Check out our Upgrade FAQ and Priority Upgrade Support form. Important documentation for this …
Maintenance Release 2.7.12 is being pushed today to address some issues with User Relationship displays and Currency field sorting.
Dear Pods Users and Developers – We’ve discovered a security vulnerability in Pods that affects all versions of 2.0 and later. The vulnerability affects those using the Extended Users feature, and in certain situation allows unauthorized creation of new users. The vulnerability has been patched in version 2.4.2 and all previous versions of Pods 2.x. …
Release Notes Security Update Reminder (from 1.12): AJAX API calls all utilize _wpnonce hashes, update your customized publicForm / input helper code AJAX (api.php and misc.php expect `wp_create_nonce(‘pods-‘ . $action)` usage) Changed: More strictness to the above security update, also setting tighter defaults for security access w/ uploader
Release Notes Important: As with all upgrades, we take them seriously. If you experience any major issues when upgrading to this version from a previous version, immediately contact [email protected] and we’ll help get your upgrade issue figured out (critical bugs only please) Security Update: AJAX API calls all utilize _wpnonce hashes, update your customized publicForm …
Just implemented _wpnonce (See: http://codex.wordpress.org/Wordpress_Nonce_Implementation) for Pods 1.12, which basically means we’re tightening down security even more 😉
Release Notes Security Update: New security settings section in the Pods >> Setup >> Settings tab to restrict access to the File Browser / Uploader used in publicForm — adjust the settings to fit your site if you experience any problems with your File Uploader Changed: PICK Field Multi-select saving now uses data-value=”…” instead of …
Scheduled for next week with Mark Jaquith to go over security and I’ll make sure we’re on the right track with Pods 2.0