WooCommerce 4.1.1 Security and Fix release

vedjain Avatar
vedjain

WooCommerce 4.1.1 is now available! This is a fix release that contains some security improvements for downloadable files and other minor bug fixes.

Here’s the change-log for this release:

* Enhancement - Added notice about public uploads directory. #26207
* Tweak - Disallow directory listing in woocommerce_uploads when "Redirect only" is the selected download method. #26399
* Fix - Added correct handling of nonces to database update notice dismissal. #26500
* Dev - Updated WooCommerce admin version to 1.1.3 and Action Scheduler to 3.1.6.
* Dev - Add prop `isEnabled` and a function to dynamically enable tracks. #26493
**WooCommerce Admin**
* Tweak - Onboarding: Add Jetpack flow back to onboarding profiler. #4382
* Fix - Respect tracking opt-in before new page load. #4368
**ActionScheduler**
* Fix - Shutdown deprecated notice changed to a warning when as_* functions called without data store initialization. #546

We highly recommend updating WooCommerce to this version as soon as possible.

Download the latest release of WooCommerce here or visit Dashboard → Updates to update the plugin from your WordPress admin screen.


As usual, if you spot any other issues in the WooCommerce core, please log them in detail on GitHub. Found a security issue? Please submit a report via HackerOne.

Keep yourself in the loop!

This field is hidden when viewing the form
This field is hidden when viewing the form
This field is hidden when viewing the form

One response to “WooCommerce 4.1.1 Security and Fix release”

  1. Daniel Avatar
    Daniel

    Updated staging and live server.Thanks for the fixes and tweaks! Keep up the good work!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *