2.29.1 / 4.26.1

This release includes a couple of small improvements. The post part targeting with phrases is significantly better now, and the exact match bonus works much better.

• Changed behaviour: Exact match bonus was added to posts once per search term. Now it’s applied once per post.
• Changed behaviour: If you set the title or content bonus to 0 with the relevanssi_exact_match_bonus, that bonus is no longer applied.
• Changed behaviour: The relevanssi_results filter hook gets the search query as a second parameter.
• Minor fix: Exact match bonus is now significantly faster when processing large posts.
• Minor fix: Post part targeting with phrases is now more precise and doesn’t include false matches. New post part tag ‘media’ is available to target attachment content.

2.29.0 / 4.26.0

This release includes a security fix to stop a SQL injection vulnerability. With this vulnerability users with at least Contributor role on your site can execute SQL code.

The rest of the updates are small bug fixes. Click tracking and pinning work more reliably and synced patterns are handled better.

• Security: Fixes a vulnerability where a contributor-level user could make a SQL injection.
• Premium. Minor fix: Correct broken cases where there are parameters after Relevanssi click-tracking parameters.
• Premium. Minor fix: Click tracking is disabled in related posts fetching.
• Premium. Minor fix: Remove errors from using some language codes without a country identifier.
• Premium. Minor fix: Pinning weights did not work if the pinned word was in upper case. This case-sensitivity is now removed.
• Minor fix: The relevanssi_missing_sort_key hook did not fire for menu_order. It does now, if menu_order is 0.
• Minor fix: Relevanssi now ignores the contents of SVG tags.
• Minor fix: Synced pattern contents are now indexed recursively so that, for example, the relevanssi_noindex class works.
• Minor fix: Relevanssi no longer breaks image cloning in MultilingualPress.