Categories
WooCommerce Core

WooCommerce 3.5.7 security release

WooCommerce 3.5.7 is now available. Since this release contains fixes to harden security, we encourage you to update your sites as soon as possible.

~4 commits made it into this release and the full changelog is below. The security patch patches against potential XSS.

* Security - Improved the way in which state fields are regenerated by JavaScript to ensure values are properly escaped.

Download the latest release of WooCommerce here or venture over to Dashboard → Updates to update your plugins from WordPress.

As usual, if you spot any other issues in WooCommerce core please log them in detail on Github, and to disclose a security issue to our team, please submit a report via HackerOne here. Comments on this post are closed.

By Mike Jolley

Mike Jolley is a PHP and JavaScript developer who contributes to open source projects including WordPress and WooCommerce. He lives with his wife and child near Cambridge in the UK.