Jetpack 4.0.4: Security Update, Bug Fixes and Improvements

Updated on April 26, 2017 - Carolyn S.

Jetpack 4.0.4 is now available for download and includes some important security updates, bug fixes, and improvements. We recommend that you update your sites to the latest version as soon as possible.

Jetpack – Supercharge your WordPress

Security Updates

We have a number of security updates this release:

  • Post By Email: added extra security to prevent unauthorized changes to Post By Email settings. Thank you to Yogesh Modi for the sensible disclosure of this issue.
  • Likes: fixed an XSS vulnerability in the Likes module. Thanks to Luciano Corsalini for their prompt disclosure of this issue.
  • REST API/Contact Form: fixed to ensure that submitted Feedback forms are not publicly available via the REST API. Thank you to Hugh Forsyth at United World Schools for alerting us to this issue.

Explore the benefits of Jetpack

Learn how Jetpack can help you protect, speed up, and grow your WordPress site. Get up to 50% off your first year.

Explore plans

Improvements

We’ve made improvements to the connection process when linking a Jetpack site to WordPress.com and have updated our debug process to make it easier for you to get in touch with our Jetpack Happiness Engineers.

A few more improvements in this release include:

  • Multisite: improved Jetpack Connection management in Jetpack’s Network Admin menu for multisite.
  • Photon: auto-generate additional srcset options, to improve responsive image support.
  • Protect: increased the default timeout to 30 seconds and added a new filter – jetpack_protect_connect_timeout, – to allow further customization of the Protect timeout from this default.

Bug Fixes

We’ve fixed a bug in the Jetpack Comments form where the comment form language was always set to English instead of the language used on the site. We’ve now updated this to use the language set on the site. Also updated is the Custom CSS module to properly handle slashes and quotes when saving your CSS in this module.

Those are just a few of the bug fixes in this release. The full changelog can be found on our plugin page.

A big thank you to everyone who contributed to 4.0.4 (a.k.a. “Release Definitely Found”):

Alex Kirk, Biser Perchinkov, Brandon Kraft, Christopher Finke, Daniel Walmsley, David Marshall, Elio Rivero, Eric Binnion, George Stephanis, Igor Zinovyev, James Nylen, Jeremy Herve, Matt Wiebe, Miguel Lezama, Sam Hotchkiss, Terence Eden, Timmy Crawford, Weston Ruter, and Rocco Tripaldi.

This entry was posted in Releases and tagged , , , , , , . Bookmark the permalink.
Carolyn S. profile
Carolyn S.

Bacon bacon bacon!

Explore the benefits of Jetpack

Learn how Jetpack can help you protect, speed up, and grow your WordPress site. Get up to 50% off your first year.

Explore plans

Have a question?

Comments are closed for this article, but we're still here to help! Visit the support forum and we'll be happy to answer any questions.

View support forum

  • Enter your email address to follow this blog and receive news and updates from Jetpack!

    Join 112.8K other subscribers

  • Browse by Topic