Posted on

Premium 2.25 / Free 4.22 release notes

This is a security update. A security hole was found in Relevanssi that allowed anybody to view site drafts. Versions 2.25 and 4.22 patch this hole.

2.25.2 / 4.22.2

  • Security fix: Prevent CSV injection attack in log export. This has no effect, unless you export logs to view them in a spreadsheet app, and even there I’m not sure what damage can be done.
  • Security fix: Restrict access to doc count updates. This could’ve been used as a method for denial-of-service attacks; of course, it’s just one of many such methods to attack a WordPress site, with or without Relevanssi.
  • Minor fix: Product variations check the parent product for access restrictions to avoid situations where variations of a draft product appear in the results.
  • Minor fix: Improved TablePress compatibility.
  • Minor fix: Added error handling to the Ninja Table compatibility code.

2.25.1 / 4.22.1

  • Security fix: Relevanssi had a vulnerability where anyone could access search and click logs. The log export is now protected.
  • Minor fix: Relevanssi had problems with Polylang when a post or term didn’t specify a language. Now Relevanssi handles those situations better.
  • Minor fix: Post date throttling had a MySQL error that made it replace JOINs instead of concatenating.
  • Minor fix: The log database table now has an index on session_id, as not having that index can greatly slow down the search.

2.25.0 / 4.22.0

  • New feature: New filter hook relevanssi_searchform_dropdown_args filters the arguments for wp_dropdown_categories() in search forms.
  • Changed behaviour: Search form shortcode taxonomy dropdowns are now sorted alphabetically, not by term ID.
  • Minor fix: Caught a bug in excerpt-building with empty words.
  • Minor fix: It’s now possible to set both post__in and post__not_in and likewise for parent__in and parent__not_in.
  • Minor fix: The post_status is no longer available as a query parameter.

You can find the new versions from the automatic updates or the Downloads page.

Leave a Reply

Are you a Relevanssi Premium customer looking for support? Please use the Premium support form.

Your email address will not be published. Required fields are marked *