Jetpack 4.2 is a combination release with performance improvements and fixes for a couple of security vulnerabilities. These updates secure Contact Form submission exports from potential formula injections and fix a general XSS vulnerability in the misuse of the add_query_arg() function.
The majority of enhancements in this release are centered on speeding up communication between WordPress.com and Jetpack-enabled sites. Jetpack team member Carolyn Sonnek highlighted the key performance improvements most users can expect when comparing version 4.1.x with 4.2:
- Front end database queries reduced by 69% for all front-end page views
- Reduced wp-admin database queries by 43%
- Memory usage improved by over 20% when the site is viewed by logged out users
- Improved load time by 9.9% on shared hosting environments
Jetpack syncs all kinds of data from self-hosted sites to WordPress.com, perhaps more than many users realize. In order to send notification emails with the proper data, Jetpack syncs the site name, tagline, timezone, local, and permalink structure.
Jetpack also syncs content in order to make it available for editing on WordPress.com and the mobile apps, including posts, pages, custom post types, and metadata. The plugin syncs comments, taxonomies, menus, themes, plugins, user data, and more. Automattic has a couple of example lists on GitHub showing the defaults and user actions that Jetpack syncs. With all of this data being sent to WordPress.com, performance enhancements like those introduced in 4.2 are imperative for keeping the plugin from getting sluggish.
Jetpack 4.2.1 was also released on the heels of 4.2 to fix a few issues that popped up after the release, including a conflict between the plugin and W3 Total Cache that blocked some users from accessing the admin, issues with publicize and custom post types, and syncing for large multisite networks.