Releases: ClassicPress/ClassicPress-release
ClassicPress 1.7.0
ClassicPress 1.7.0 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.6.0
Minor changes and bugfixes since 1.6.0
- Add a deprecation notice for XHTML theme syntax
- Fix a potential issue in plugin modal including a WordPress backport
- Fix failing PHPUnit test
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
ClassicPress 1.6.0
ClassicPress 1.6.0 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.5.3
New features since 1.5.3
New Dashboard widget raising awareness of ClassicPress 2.0.0 development
Deprecation Notice: the minimum supported version of PHP will be 7.4 in ClassicPress 2.0.0
Minor changes and bugfixes since 1.5.3
Security Page will be hidden by default unless it is used
The Petitions widget has been retired and removed
Backports of upstream enhancements
– Add support for Enums in is_serialized()
– Disable auto-correct when bulk editing slugs
– Prevent excessive trimming of names in email “From” headers
– Correct the check for non-existing post in get_post_permalink()
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
ClassicPress 1.5.3
ClassicPress 1.5.3 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.5.2
This release is a maintenance and security release.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release.
- A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
- A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
ClassicPress 1.5.2
ClassicPress 1.5.2 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.5.1
- Fix fresh installation issues due to wp-config-sample.php layout
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
ClassicPress 1.5.1
ClassicPress 1.5.1 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.5.0
- Fix incomplete
preg_matchregex inget_the_post_thumbnail() - Introduce polyfill for
str_contains() - Avoid call to non-existent
is_taxonomy_viewable() - Updated requirements/recommendations and financial support information in readme.html
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
ClassicPress 1.5.0
ClassicPress 1.5.0 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.4.4
New features
- PHP 8.0 compatibility 🎉
- Added support for image lazy loading
- Introduced cp_attributes() function for theme usage
- Filter plugins that declare ClassicPress compatibility by default
- Add support for Update URI plugin header
- Fix a notice in the Theme screen
- Remove type attribute from css and JavaScript tags for HTML5 compliance
- Fresh installs will now disable Comments and Avatars by default
Minor changes and bugfixes
- Theme editor now handles modern CSS without reporting errors
- Deprecate single_month_title()
- Fixed bug in password reset email links affecting some email clients
- Updated PHPMailer library
- Updated ID3 library
- Updated random_compat library
- Updated SimplePie library
Development improvements and fixes since 1.4.4
- Multiple upgrades to build and development dependencies
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
ClassicPress 1.5.0-rc2
ClassicPress 1.5.0-rc2 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.5.0-rc1
What's Changed
- Make external tests less flaky by @mattyrob in ClassicPress/ClassicPress#1174
- Renovate[bot]: Update dependency rollup to v3.7.4 by @renovate in ClassicPress/ClassicPress#1186
- Renovate[bot]: Update dependency @rollup/plugin-commonjs to v23.0.4 by @renovate in ClassicPress/ClassicPress#1187
- Renovate[bot]: Update dependency postcss to v8.4.20 by @renovate in ClassicPress/ClassicPress#1192
- Renovate[bot]: Update Node.js to v16.19.0 by @renovate in ClassicPress/ClassicPress#1193
- Renovate[bot]: Update dependency rollup to v3.7.5 by @renovate in ClassicPress/ClassicPress#1197
- Renovate[bot]: Update dependency @rollup/plugin-commonjs to v23.0.5 by @renovate in ClassicPress/ClassicPress#1194
- WP-r42632: Themes: Use api v. 1.2 to query theme information. by @xxsimoxx in ClassicPress/ClassicPress#1196
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
Contributors
Assets 2
ClassicPress 1.5.0-rc1
ClassicPress 1.5.0-rc1 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.4.4
- PHP 8.0 compatibility 🎉
- Added support for image lazy loading
- Introduced
cp_attributes()for theme usage - Filter plugins that declare ClassicPress compatibility by default
- Add support for
Update URIplugin header - Theme editor now handles modern CSS without reporting errors
- Fresh installs will default to Comments and Avatars disabled
- Deprecate
single_month_title() - Fixed bug in password reset email links affecting some email clients
- Remove
typeattribute from css and JavaScript for HTML5 compliance - Updated PHPMailer
- Updated ID3
- Updated random_compat
- Updated SimplePie
- Many other minor updates, bug fixes and upgrades to development dependencies
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
ClassicPress 1.4.4
ClassicPress 1.4.4 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.4.3
- Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
- Open redirect in wp_nonce_ays – devrayn
- Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
- Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
- CSRF in wp-trackback.php – Simon Scannell
- Stored XSS via the Customizer – Alex Concha from the WordPress security team
- Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
- Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
- Data exposure via the REST Terms/Tags Endpoint – Than Taintor
- Content from multipart emails leaked – Thomas Kräftner
- RSS Widget: Stored XSS issue – Third-party security audit
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:
ClassicPress 1.4.3
ClassicPress 1.4.3 is available now - use the "Source code (zip)" file below.
Here are the highlights from this release:
Notable changes since ClassicPress 1.4.2
This release contains security fixes to match the security changes in WordPress versions 6.0.2 and 4.9.21 (both released earlier this week).
Fariskhi Vidyan for finding a possible SQL injection within the Link API.
Khalilov Moe for finding an XSS vulnerability on the Plugins screen.
John Blackbourn of the WordPress security team, for finding an output escaping issue within the_meta().
More information
See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub: