Jetpack 4.0.4 Released, Patches 3 Security Vulnerabilities

photo credit: Tek F - cc
photo credit: Tek Fcc

Jetpack 4.0.4 is available for download and users are encouraged to update as soon as possible. This release contains a number of security fixes, including extra security to post by email, a patched XSS vulnerability in the Likes module, and a fix to ensure that submitted Feedback forms are not publicly available via the REST API. Yogesh Modi, Luciano Corsalini, and Hugh Forsyth, are credited with discovering and responsibly disclosing the vulnerabilities.

In addition to the security enhancements, the process of connecting Jetpack sites to WordPress.com is improved along with the debug process. Users who experience issues will be able to contact Jetpack Happiness Engineers to receive support. Jetpack 4.0.4 also fixes a bug with the Jetpack Comments module where the comment form language was always set to English. It now uses the language configured on the site. In addition, the Custom CSS module correctly handles slashes and quotes.

Check out the plugin’s changelog to see a full list of changes in this release.

Would you like to write for WP Tavern? We are always accepting guest posts from the community and are looking for new contributors. Get in touch with us and let's discuss your ideas.