Jetpack 4.0.4 is available for download and users are encouraged to update as soon as possible. This release contains a number of security fixes, including extra security to post by email, a patched XSS vulnerability in the Likes module, and a fix to ensure that submitted Feedback forms are not publicly available via the REST API. Yogesh Modi, Luciano Corsalini, and Hugh Forsyth, are credited with discovering and responsibly disclosing the vulnerabilities.
In addition to the security enhancements, the process of connecting Jetpack sites to WordPress.com is improved along with the debug process. Users who experience issues will be able to contact Jetpack Happiness Engineers to receive support. Jetpack 4.0.4 also fixes a bug with the Jetpack Comments module where the comment form language was always set to English. It now uses the language configured on the site. In addition, the Custom CSS module correctly handles slashes and quotes.
Check out the plugin’s changelog to see a full list of changes in this release.