Municipio 5.3.0

Sebastian Nordqvist Thulin

Municipio 5.3.0 is a security release, improving some weak points in standard WordPress installations. It also fixes some potential XSS attacks.

Wp Security (1.1.0)

  • A brand new security plugin has been developed in order to improve WordPress security. This plugin has no settings, but applies some automated headers etc.
    • Generic login error messages (prevent user enumeration)
    • Generic password reset responses (prevent user enumeration)
    • HTTP Strict Transport Security (HSTS) headers if SSL is detected.
    • Automatic CORS configuration, defaults to current site, allows additional headers to be set with htaccess if needed.
    • Subresource Integrity (SRI) for scripts and styles that are stored locally on disk.
    • XML-RPC automatic disable.
    • Improved comment sanitization
    • Automatic Content Security Policy (CSP) by reading the current output (no manual config needed).

Note: This is designed as a mu-plugin, and cannot be turned off. 
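
The automatic CSP item above describes building the policy from the page's rendered output. As an added illustration (not the Wp Security plugin's code; the function names and the tag-to-directive mapping are assumptions), this PHP example collects the external origins a rendered page references and emits a matching allow-list policy:

```php
<?php
// Added example, not the Wp Security plugin's code. Function names and the
// tag-to-directive mapping are assumptions made for illustration.
function csp_origin(string $url, string $siteOrigin): ?string
{
    $parts = parse_url(trim($url));
    if ($parts === false || empty($parts['host'])) {
        return null; // relative URL (covered by 'self'); data: URIs are not allow-listed
    }
    $scheme = $parts['scheme'] ?? parse_url($siteOrigin, PHP_URL_SCHEME); // "//host/path" inherits the site scheme
    $origin = strtolower($scheme . '://' . $parts['host']) . (isset($parts['port']) ? ':' . $parts['port'] : '');
    return $origin === strtolower($siteOrigin) ? null : $origin;
}

function build_csp_from_html(string $html, string $siteOrigin): string
{
    // tag => [URL attribute, CSP directive]
    $map = ['script' => ['src', 'script-src'], 'img' => ['src', 'img-src'],
            'iframe' => ['src', 'frame-src'], 'link' => ['href', 'style-src']];
    $sources = array_fill_keys(['default-src', 'script-src', 'style-src', 'img-src', 'frame-src'], []);
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // tolerate HTML5 tags libxml does not know
    $doc->loadHTML('<!DOCTYPE html>' . $html); // the prefix also keeps the input non-empty
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    foreach ($map as $tag => [$attr, $directive]) {
        foreach ($doc->getElementsByTagName($tag) as $node) {
            if ($tag === 'link' && stripos($node->getAttribute('rel'), 'stylesheet') === false) {
                continue; // only stylesheets count towards style-src
            }
            $origin = csp_origin($node->getAttribute($attr), $siteOrigin);
            if ($origin !== null) {
                $sources[$directive][$origin] = true; // array key de-duplicates
            }
        }
    }
    $out = [];
    foreach ($sources as $directive => $origins) {
        ksort($origins);
        $out[] = trim("$directive 'self' " . implode(' ', array_keys($origins)));
    }
    return implode('; ', $out);
}

// Constructed sample page and site origin.
$sample = '<head><link rel="stylesheet" href="https://fonts.example.net/a.css">'
    . '<script src="/js/app.js"></script><script src="//cdn.example.org/lib.js"></script></head>'
    . '<body><img src="https://media.example.com:8443/logo.png"></body>';
echo 'Content-Security-Policy: ' . build_csp_from_html($sample, 'https://www.example.com'), PHP_EOL;
```

Inline scripts and styles have no URL to allow-list, so a policy built this way blocks them unless they are given nonces or hashes.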

Municipio Theme (5.151.3)

  • Adds a place search rest endpoint to be able to populate openstreetmap with query results.
  • Improves the feature to mirror posts from other sites in the network, complete with canonicals and schemadata.
  • Schemadata forms have been improved on schema posts; now utilizing a form factory.
  • Sanitization of query parameters in the REST render endpoint for menu generation.

Modularity (6.81.4)

  • Fixes an HTML syntax error when modules were rendered inline in the Gutenberg editor. This also removes the use of the inline template in the admin panel (detected automatically).
  • Removes an insecure JavaScript from the table module that was fetched from a remote service (datatables).
  • Improves the output sanitization in the text module.
  • Mitigates two warnings in the post module regarding placement of archive links.
  • Fixes population of schema select dropdown in posts module.

Open Street Map (2.7.5)

  • Now using PostObjectInterface schema properly according to specification.

Simplify Admin Menus (1.3.0)

  • New plugin added intended to simplify the admin panel.

Event Manager Integration (2.0.32)

  • Fixes a timezone error when rendering dates in some contexts (specifically archive lists).

Algolia JS Searchpage Addon (3.3.2)

  • Declutters rendering by removing the number of results and the query from the response message (rendered in input field only).

Active Directory Integration (3.1.0)

  • Sanitizes all $_GET and $_POST variables handled in authentication process to remove ability to make malicious requests.

Other

  • Added publiccode.yml declaration.
  • Updated error page to improve rendering of error messages.
  • Added install.html to the list of files removed when deployment runs.