ClassicPress is an open source content management application. Forked from WordPress 4.9.x in 2019, development focuses on improved security, less bloat, and block-free.
Speichern und wiederherstellen
21 Juni - 55MBClassicPress 1.1.4 is a security release to match the security changes in WordPress versions 5.4.2 and 4.9.15 (both released on June 10, 2020).
- fixed an open redirect issue in wp_validate_redirect()
- fixed an authenticated XSS issue via theme uploads
- fixed an issue where set-screen-option can be misused by plugins leading to privilege escalation
Lesen Sie mehr: https://forums.classicpress.net/t/classicpress-1-1-4-release-notes/2371
7 Mai - 55MB1.1.3
ClassicPress 1.1.3 is a security release to match the security changes in WordPress versions 5.4.1 and 4.9.14 (both released on April 29, 2020).
If your ClassicPress site has automatic updates enabled (the default configuration), then the new version will be installed automatically. Otherwise, we strongly recommend applying this update from your site’s dashboard as soon as possible.
- fixed an issue where password reset tokens were not properly invalidated
- fixed an issue where certain private posts can be viewed unauthenticated
- fixed an XSS issue in the Customizer
- fixed an XSS issue in wp-object-cache
- fixed an XSS issue in file uploads.
ClassicPress 1.1.2 is a security release to match the security changes in WordPress versions 5.3.1 and 4.9.13 (both released on December 12, 2019).
- fixed an issue where an unprivileged user could make a post sticky via the REST API.
- fixed an issue where cross-site scripting (XSS) could be stored in well-crafted links.
- hardened wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
Lesen Sie mehr: https://forums.classicpress.net/t/classicpress-1-1-3-release-notes/2301
16 November 2019 - 55MBClassicPress 1.1.1 is a security release to match the security changes in WordPress versions 5.2.4 and 4.9.12 (both released on October 14, 2019).
Security fixes from ClassicPress 1.1.0
- Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
- Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
- Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
- Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
- Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.
For more information about the security changes in this release, see the WordPress 5.2.4 release notes post.
Other changes from ClassicPress 1.1.0
This release contains two changes to the build process. These changes do not affect the functionality of the ClassicPress release:
- Improve the process for listing/building the emoji feature (details)
- Keep build dependencies up to date (details)
Unsere Webhostings sind kompatibel mit
100 GB und mehr
Erweiterte Verwaltung von EV- und DV-SSL-Zertifikaten
10 GB VOD
2 CPU und mehr
6 GB RAM und mehr
100% dedizierte Ressourcen
Infomaniak verwaltet Ihren Server
ab CHF 42.- / Monat
Preise in CHF