2.1.10 - Security Hardening

@georgeolaru released this 09 Feb 10:23
· 128 commits to main since this release

2.1.10 - Security hardening release

  • Security: Fix Stored XSS in Separator block
  • Security: Sanitize comment meta data with sanitize_text_field()
  • Security: Add input validation and sanitization to REST API endpoint
  • Security: Add isset() check for $_GET['page'] in client-assets.php
  • Security: Escape site description and sanitize className in logo block
  • Security: Escape author display name and style in post-meta block
  • Security: Escape style and class attributes in multiple blocks
  • Fix: Restore inline SVG rendering in Decorative separator style
  • Fix: Separator lines/arrows color now matches symbol color in Hero blocks
  • Fix: Block preview crashes in WP 6.9 editor
  • Update: Tested up to WordPress 6.9.1