New
Dependencies have been updated for improved security and stability
Bug Fixes
Backticks in MySQL table and column names are now properly escaped in migration SQL queries, thanks to 0nlymohammed via the Intigriti Bug Bounty program
Primary key resume state is validated against the table schema before being used in migration queries, thanks to 0nlymohammed via the Intigriti Bug Bounty program
Post type filters in migration row queries now use the WordPress database prepare method for correct SQL escaping, thanks to 0nlymohammed via the Intigriti Bug Bounty program
New
Dependencies have been updated for improved security and stability
Bug Fixes
Fixed CSRF vulnerability in file download handler, thanks to Nguyen Ba Khanh via Patchstack
New
Dependencies have been updated for improved security and stability
Bug Fixes
Various CSS fixes for WordPress 7.0 compatibility
Bug Fixes
Security: Improved security of the cache flush functionality by securing the endpoint required for pull migrations, thanks to security researcher Dmitrii Ignatyev
New
Dependencies have been updated for improved security and stability
Bug Fixes
The removal of temporary tables after a migration is cancelled is now more robust
Bug Fixes
Previously selected options are no longer reset when updating the connection info for a saved migration profile
The remote site no longer logs a "foreach() argument must be of type array|object, string given" warning during push migrations
"Implicitly marking parameter $wpdb as nullable is deprecated" warning introduced with PHP 8.4 is no longer logged
Note: On PHP 8.4, a related deprecation warning from the php-di library may still appear, this is intentional to maintain compatibility with PHP 5.6-7.4
Bug Fixes
- Mitigated file size errors on sites behind a Cloudflare proxy by adding "Content-Type: application/octet-stream" and "Cache-Control: no-transform" headers to file requests
New
Dependencies have been updated for improved security and stability
Bug Fixes
Notices about loading textdomains incorrectly are prevented
Bug Fixes
Export, push, pull, and backup commands initiated via WP-CLI once again operate without errors related to unknown column keys, fixing a regression introduced in version 2.7.1