Municipio 5.3.0

Sebastian Nordqvist Thulin

Municipio 5.3.0 is a security release, improving some weak points in standard WordPress installations. It also fixes some potential XSS attacks.

Wp Security (1.1.0)

  • A brand new security plugin has been developed in order to improve WordPress security. This plugin has no settings, but applies some automated headers etc.
    • Generic login error messages (prevent user enumeration)
    • Generic password reset responses (prevent user enumeration)
    • HTTP Strict Transport Security (HSTS) headers if SSL is detected.
    • Automatic CORS configuration, defaults to current site, allows additional headers to be set with htaccess if needed.
    • Subresource Integrity (SRI) for scripts and styles that are stored locally on disk.
    • XML-RPC automatic disable.
    • Improved comment sanitization
    • Automatic Content Security Policy (CSP) by reading the current output (no manual config needed).

Note: This is designed as a mu-plugin, and cannot be turned off. 

Municipio Theme (5.152.0)

  • Adds a place search REST endpoint to be able to populate OpenStreetMap with query results.
  • Improves the feature to mirror posts from other sites in the network, complete with canonicals and schema data.
  • Schema data forms have been improved on schema posts, now utilizing a form factory.
  • Sanitization of query parameters in the REST render endpoint for menu generation.
  • Post visibility is now respected on post type archive pages when a page is assigned to the post type in page for posttype.
  • Automatic page tree menus now handle private pages as visible in the menus when a user is logged in.
  • Improves custom font rendering by respecting their native font-weight.
  • Attachment pages now redirect to the actual file by default.
  • Adds customizer settings for breadcrumb display.

Modularity (6.81.11)

  • Fixes an HTML syntax error when modules were rendered inline in the Gutenberg editor. This also removes the use of the inline template in the admin panel (detected automatically).
  • Removes insecure JavaScript in the table module that was fetched from a remote service (DataTables).
  • Improves the output sanitization in the text module.
  • Mitigates two warnings in the post module regarding placement of archive links.
  • Fixes population of schema select dropdown in posts module.
  • An adjustment has been made to the Text module's heading size, in order to reflect how other modules render their headlines.
  • Post module now correctly renders taxonomies.
  • Adds settings for displaying module usage in list, edit view and frontend edit view.

Modularity Like (2.14.0)

  • Adds the ability to like posts across pages in a network install.

Open Street Map (2.7.5)

  • Now using PostObjectInterface schema properly according to specification.

Simplify Admin Menus (1.3.0)

  • New plugin added, intended to simplify the admin panel.

Event Manager Integration (2.0.32)

  • Fixes a timezone error when rendering dates in some contexts (specifically archive lists).

Algolia JS Searchpage Addon (3.3.2)

  • Declutters rendering by removing the number of results and the query from the response message (rendered in input field only).

Active Directory Integration (3.1.0)

  • Sanitizes all $_GET and $_POST variables handled in the authentication process to remove the ability to make malicious requests.

Component Library (4.54.0)

  • Breadcrumb: settings for showing prefix label and hiding home icon.
  • Timeline: support for sequential mode (without date/time) and current/active step.

Other

  • Added publiccode.yml declaration.
  • Updated error page to improve rendering of error messages.
  • Added install.html to the remove list when deployment runs.