This is a security update. A security hole was found in Relevanssi that allowed anybody to view site drafts. Versions 2.25 and 4.22 patch this hole.
2.25.2 / 4.22.2
- Security fix: Prevent CSV injection attack in log export. This has no effect, unless you export logs to view them in a spreadsheet app, and even there I’m not sure what damage can be done.
- Security fix: Restrict access to doc count updates. This could’ve been used as a method for denial-of-service attacks; of course, it’s just one of many such methods to attack a WordPress site, with or without Relevanssi.
- Minor fix: Product variations check the parent product for access restrictions to avoid situations where variations of a draft product appear in the results.
- Minor fix: Improved TablePress compatibility.
- Minor fix: Added error handling to the Ninja Table compatibility code.
2.25.1 / 4.22.1
- Security fix: Relevanssi had a vulnerability where anyone could access search and click logs. The log export is now protected.
- Minor fix: Relevanssi had problems with Polylang when a post or term didn’t specify a language. Now Relevanssi handles those situations better.
- Minor fix: Post date throttling had a MySQL error that made it replace JOINs instead of concatenating.
- Minor fix: The log database table now has an index on session_id, as not having that index can greatly slow down the search.
2.25.0 / 4.22.0
- New feature: New filter hook
relevanssi_searchform_dropdown_argsfilters the arguments forwp_dropdown_categories()in search forms. - Changed behaviour: Search form shortcode taxonomy dropdowns are now sorted alphabetically, not by term ID.
- Minor fix: Caught a bug in excerpt-building with empty words.
- Minor fix: It’s now possible to set both
post__inandpost__not_inand likewise forparent__inandparent__not_in. - Minor fix: The
post_statusis no longer available as a query parameter.
You can find the new versions from the automatic updates or the Downloads page.
