Posted on

Premium 2.29 / Free 4.26

by Mikko Saari

2.29.0 / 4.26.0

This release includes a security fix to stop a SQL injection vulnerability. With this vulnerability users with at least Contributor role on your site can execute SQL code.

The rest of the updates are small bug fixes. Click tracking and pinning work more reliably and synced patterns are handled better.

  • Security: Fixes a vulnerability where a contributor-level user could make a SQL injection.
  • Premium. Minor fix: Correct broken cases where there are parameters after Relevanssi click-tracking parameters.
  • Premium. Minor fix: Click tracking is disabled in related posts fetching.
  • Premium. Minor fix: Remove errors from using some language codes without a country identifier.
  • Premium. Minor fix: Pinning weights did not work if the pinned word was in upper case. This case-sensitivity is now removed.
  • Minor fix: The relevanssi_missing_sort_key hook did not fire for menu_order. It does now, if menu_order is 0.
  • Minor fix: Relevanssi now ignores the contents of SVG tags.
  • Minor fix: Synced pattern contents are now indexed recursively so that, for example, the relevanssi_noindex class works.
  • Minor fix: Relevanssi no longer breaks image cloning in MultilingualPress.

Leave a Reply

Are you a Relevanssi Premium customer looking for support? Please use the Premium support form.

Your email address will not be published. Required fields are marked *