WooCommerce 4.1.1 Security and Fix release

WooCommerce 4.1.1 is now available! This is a fix release that contains some security improvements for downloadable files and other minor bug fixes.

Here’s the change-log for this release:

* Enhancement - Added notice about public uploads directory. #26207
* Tweak - Disallow directory listing in woocommerce_uploads when "Redirect only" is the selected download method. #26399
* Fix - Added correct handling of nonces to database update notice dismissal. #26500
* Dev - Updated WooCommerce admin version to 1.1.3 and Action Scheduler to 3.1.6.
* Dev - Add prop `isEnabled` and a function to dynamically enable tracks. #26493
**WooCommerce Admin**
* Tweak - Onboarding: Add Jetpack flow back to onboarding profiler. #4382
* Fix - Respect tracking opt-in before new page load. #4368
**ActionScheduler**
* Fix - Shutdown deprecated notice changed to a warning when as_* functions called without data store initialization. #546

We highly recommend updating WooCommerce to this version as soon as possible.

Download the latest release of WooCommerce here or visit Dashboard → Updates to update the plugin from your WordPress admin screen.


As usual, if you spot any other issues in the WooCommerce core, please log them in detail on GitHub. Found a security issue? Please submit a report via HackerOne.


One response to “WooCommerce 4.1.1 Security and Fix release”

  1. Updated staging and live server.Thanks for the fixes and tweaks! Keep up the good work!

Leave a Reply

Your email address will not be published. Required fields are marked *