7th Circle Designs

Building, Securing, and Optimizing WordPress Since 2014

Home » Blog

WooCommerce 5.8 Released

by Leave a Comment

We are pleased to announce the release of WooCommerce 5.8. This is a minor release and everything should be backwards compatible with the previous version.

This release contains:

As always, we recommend creating a backup of your site and making sure that your theme and any other plugins are compatible before updating. You can check out this update guide for more information.

What’s new in 5.8?

  • The REST API now supports modified_before and modified_after fields for product, order and coupon endpoints (#29461).
  • A set of usability problems with dropdown fields have been resolved (#28966 and #30607).
  • A bug that was impacting the featured status of products during quick-editing has been resolved. (#30471).
  • Small fixes for the in-app marketplace (#30624 and #30625).
  • Improvements made to our messaging when removing line items from within the order editor (#30650).

These are just some of the changes that are included in WooCommerce 5.8. You can find the complete changelog for this release in the changelog.txt file.

Compatibility Changes

While we try to deliver releases that are free from breaking changes, it is worth highlighting a potential breaking change within the WooCommerce Admin package, stemming from the removal of a number of settings from the wc_admin namespace within the wc/data store. This may impact some third party code that aims to integrate with WooCommerce Admin.

Actions and Filters

Two new filters have been added:

FilterDescription
woocommerce_quantity_input_min_adminAllows the minimum value for the product quantity selector (within the order editor) to be changed.
woocommerce_quantity_input_step_adminAllows the step value for the product quantity selctor (within the order editor) to be changed.

One filter has been changed:

FilterDescription
woocommerce_order_actionsOrder object is now available to callbacks via a second parameter.

Database changes

There are no database changes in this release.

Template changes

There are no template changes in this release.

Reposted from WooCommerce

WooCommerce 5.7.1 Fix Release

by Leave a Comment

WooCommerce 5.7.1 is available now. This release resolves several regression issues and fixed several bugs identified in 5.7.0.

Here’s what’s new:

You can download the latest release of WooCommerce here or visit Dashboard → Updates to update the plugin from your WordPress admin screen.

As usual, if you spot issues in WooCommerce core, please log them in detail on GitHub. Found a security issue? Please submit a report via HackerOne.

Reposted from WooCommerce

WooCommerce 5.7 Released

by Leave a Comment

WooCommerce 5.7 has been officially released! We’ve been hard at work and this release has

This is another minor release and so you should expect everything included to be backwards compatible with the previous version.

As always, we recommend creating a backup of your site and making sure that the themes and plugins are compatible before updating. You can check out this update guide for more information.

What’s new in 5.7?

  • Product variations manual menu ordering is now working correctly.
  • The Marketplace section has been redesigned with better styling and usability.
  • Added local currency formatting support.
  • Reverted legacy Select2 library back to version 4.0.3 (Previously overwritten by SelectWoo 1.0.9).
  • Product attribute permalinks now works correctly with non-ascii characters.
  • WooCommerce Blocks 5.6.0, and 5.7.0. These updates contain a number of enhancements, bug fixes, and improvements.
  • WooCommerce Admin 2.6.0. This update contain a number of enhancements, bug fixes and improvements.

These are just some of the changes that are included in WooCommerce 5.7. You can find the complete changelog for this release in the changelog.txt file.

Compatibility Changes

Our aim is to maintain backwards compatibility through every release unless otherwise noted. This section contains any alternations that may be noteworthy for developers in pursuit of that.

Actions & Filters

This release adds one hook:

HookDescription
woocommerce_product_options_externalAction hook fired when in general tab of a product in admin when displaying external product.

Database changes

There are no database changes in this release.

Template changes

There are no template changes in this release.

Reposted from WooCommerce

Important Security Patch Released in WooCommerce

by Leave a Comment

On September 21, 2021, our team released a security patch to address a server configuration setup used by some hosts, which under the right conditions may make some analytics reports publicly available.

What actions should I take?

Automatic software updates began rolling out on September 21, 2021, to all stores running impacted versions of WooCommerce, but we still highly recommend you ensure that you’re using a patched version. This is 5.7.0 or the highest number possible in your release branch.

After updating to a patched version, we also recommend disabling Directory Listing on your web server, if it isn’t already. This feature displays a list of every file in the web directory when there is no index file present. You can check if this is active by visiting <domain>/wp-content/uploads in a browser. If you’re not sure how to disable this, please contact your web host directly.

How do I know if my version is up-to-date?

The table below contains the full list of patched versions of WooCommerce and WooCommerce Admin. If you are running a version of WooCommerce that is not on this list, please update immediately to the highest version in your release branch. Once you update to any of the patched versions of WooCommerce below, WooCommerce Admin should update automatically.

Patched versions of WooCommerce
– 4.0.3
– 4.1.3
– 4.2.4
– 4.3.5
– 4.4.3
– 4.5.4
– 4.6.4
– 4.7.3
– 4.8.2
– 4.9.4
– 5.0.2
– 5.1.2
– 5.2.4
– 5.3.2
– 5.4.3
– 5.5.3
– 5.6.1
– 5.7.0
Patched versions of WooCommerce Admin
– 1.0.4
– 1.1.4
– 1.2.5
– 1.3.3
– 1.4.1
– 1.5.1
– 1.6.4
– 1.7.4
– 1.8.4
– 1.9.1
– 2.0.4
– 2.1.6
– 2.2.7
– 2.3.2
– 2.4.5
– 2.5.2
– 2.6.4

Why didn’t my website get the automatic update?

Your site may not have automatically updated for a number of reasons. A few of the most likely are: you’re running a version prior to one impacted (below WooCommerce 4.0.0), automatic updates have been explicitly disabled on your site, your filesystem is read-only, or there are potentially conflicting extensions preventing the update.

In all cases (except the first example, where you are unaffected), you should attempt to manually update to the newest patched version on your release branch (e.g. 4.0.3, 4.5.4, 5.5.3, etc), as listed in the table above.

How can I check if my reports were affected?

You can check your site’s reports to see:

  • Visit <your-domain>/wp-admin/options.php and search for the woocommerce_admin_report_export_status field. If it is present, it is possible that one of the report files may have been downloaded.
  • Visit <your-domain>/wp-content/uploads in a browser. If you receive a list of files, rather than a blank page, it is possible that a report file may have been made public.

Further questions?

If you have any further concerns or questions regarding this issue, our team of Happiness Engineers is on hand to help – open a support ticket.

Reposted from WooCommerce

WordPress 5.8.1 Security and Maintenance Release

by Leave a Comment

WordPress 5.8.1 is now available!

This security and maintenance release features 60 bug fixes in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.4 have also been updated.

WordPress 5.8.1 is a short-cycle security and maintenance release. The next major release will be version 5.9.

You can download WordPress 5.8.1 by downloading from WordPress.org, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Security Updates

3 security issues affect WordPress versions between 5.4 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 5.4 have also been updated to fix the following security issues:

  • Props @mdawaffe, member of the WordPress Security Team for their work fixing a data exposure vulnerability within the REST API.
  • Props to Michał Bentkowski of Securitum for reporting a XSS vulnerability in the block editor.
  • The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes.

In addition to these issues, the security team would like to thank the following people for reporting vulnerabilities during the WordPress 5.8 beta testing period, allowing them to be fixed prior to release:

  • Props Evan Ricafort for reporting a XSS vulnerability in the block editor discovered during the 5.8 release’s beta period.
  • Props Steve Henty for reporting a privilege escalation issue in the block editor.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the WordPress security team time to fix the vulnerabilities before WordPress sites could be attacked.

For more information, browse the full list of changes on Trac, or check out the version 5.8.1 HelpHub documentation page.

Reposted from WordPress

WooCommerce 5.6 Released

by Leave a Comment

WooCommerce 5.6 has been officially released! We’ve been hard at work and this release has

This is another minor release and so you should expect everything included to be backwards compatible with the previous version.

As always, we recommend creating a backup of your site and making sure that the themes and plugins are compatible before updating. You can check out this update guide for more information.

What’s new in 5.6?

  • Added a new options to enable a lookup table to improve filtering by product attributes.
  • A new “Refunds and Returns Policy” sample page will be included by default in all installations, Merchants can chose to publish this page if they want to.
  • WooCommerce Blocks 5.4.1, and 5.5.1. These updates contain a number of enhancements, bug fixes, and some improvements to allow products to be added by SKU in the Hand-Picked Products block.
  • WooCommerce Admin 2.5.0. This new package contains lots of bug fixes and stability improvements.
  • Improved support to Twenty Twenty-One theme.
  • Added support for “Shipping Phone”, in addition to Billing Phone in email templates and in the Order’s edit screen, note that WooCommerce Shipping & Tax extension already includes a “Shipping Phone” for the checkout form.
  • Fixed a problem preventing blocks from rendering when included within the shop page.

These are just some of the changes that are included in WooCommerce 5.6. You can find the complete changelog for this release in the changelog.txt file.

Compatibility Changes

Our aim is to maintain backwards compatibility through every release unless otherwise noted. This section contains any alternations that may be noteworthy for developers in pursuit of that.

Actions & Filters

This release adds one hook:

HookDescription
woocommerce_email_sentAction hook fired when an email is sent from WooCommerce.

And one update to a filter:

HookDescription
woocommerce_logout_default_redirect_urlFilter the redirect URL page, used to only get applied to wc_logout_url(), but now is also applied in other places that uses WooCommerce’s logout endpoint.

Database

There are no database changes in this release, but a database upgrade will be necessary to install the new “Refunds and Returns Policy” sample page.

Templates

FilterDescription
templates/emails/email-addresses.phpUpdated to display shipping phone if available.
templates/emails/plain/email-addresses.phpUpdated to display shipping phone if available.
templates/order/order-details-customer.phpUpdated to display shipping phone if available.

Reposted from WooCommerce

Domain Registration Best Practices

by Leave a Comment

When it comes to registering and maintaining our domain names there are several things we can and should do to protect them.

  • Use a reputable company and never use your hosting provider to register your domain name. When choosing a company, you want one that supports and ideally includes privacy as a option. There are many great and trustworthy companies out there. I personally use name.com. If you use the coupon privacyplease you can get free privacy from them.
  • Register your domain with an email address that is not on the domain you are registering, this way if you lose access to the domain you can recover it. I suggest creating a mailbox just for domain registrations (or an alias) that never gets used for anything else. I like to use protonmail since they are an encrypted mail service based in Switzerland and take privacy very seriously. Also make sure that this is a monitored address and that you update this with your registrar if you change addresses.
  • Make sure that your contact information is current and valid with your registrar. ICANN requires you to verify your information and keep it current.

Our domain should be considered equivalent to our brand and should be protected at all costs.

WooCommerce 5.5.2 Fix Release

by Leave a Comment

WooCommerce 5.5.2 is available now. This release resolves performance degradation issues and fixes several bugs identified in 5.5.0 and 5.5.1. These updates are unrelated to the recent security vulnerability that was solved by WooCommerce 5.5.1.

Here’s what’s new:

  1. Solved: Non-performant query in 5.5.1 causing performance issues in admin pages.
  2. Solved: Search query not showing expected results with few themes and plugins.
  3. New: Added a fallback for shops to use redirect download method as well in case force download method did not work.
  4. Solved: $screen null fatal with few plugins.

Important: With the release of this new version, the auto-update process for WooCommerce 5.5.1 mentioned in this blog post has been discontinued. If you are still running a version of WooCommerce that is not on the patched versions list, please update immediately to the highest version available in your release branch.

You can download the latest release of WooCommerce here or visit Dashboard → Updates to update the plugin from your WordPress admin screen.

As usual, if you spot issues in WooCommerce core, please log them in detail on GitHub. Found a security issue? Please submit a report via HackerOne.

Reposted from WooCommerce