Categories
Core

Developer Advisory: New Download Handling May Cause Errors

tl;dr Recent updates that improve security around the handling of downloadable products may cause unexpected errors in some environments. The details WooCommerce currently supports three different download methods for downloadable products: Force Downloads X-Accel-Redirect/X-Sendfile Redirect Only (Insecure) Each of these methods can fail for a number of different reasons. Up until recently, WooCommerce attempted to […]

Categories
Core

WooCommerce 5.6 Release Schedule

About a year ago, we announced that we would be shifting to a monthly release cycle for WooCommerce core. As we mentioned in the past, this shift was part of a longer journey toward smaller, more frequent, and more stable releases, with fewer fix releases. As a general rule, our aim has been to publish […]

Categories
blocks Core

Developer Advisory: Critical Vulnerability in Multiple Versions of WooCommerce

tl;dr A critical vulnerability was detected in multiple versions of WooCommerce and the WooCommerce Blocks feature plugin.  Patches for each impacted version have been created and deployed automatically to vulnerable stores.. The details A security vulnerability in WooCommerce and WooCommerce Blocks was recently discovered and reported to us via our HackerOne security program by security […]

Categories
Core

Developer Advisory: Settings Page Infrastructure Refactor

tl;dr WooCommerce 5.5 will include an extensive refactoring of the settings pages infrastructure. While there are no breaking changes, there’s a new preferred way of structuring settings pages classes, and existing extensions that add their own settings should be tested extensively with the refactored infrastructure in place. The details The problem The settings pages in […]

Categories
Core Quality

Developer Advisory: WooCommerce 5.4 Temporarily Unavailable

tl;dr The recent release of WooCommerce 5.4 has been pulled from availability to limit the impact of a jQuery-related bug until a fix is available in version 5.4.1. The details WooCommerce 5.4, which was released yesterday, contains a jQuery-related bug that may break payment gateways by providing the wrong data type to a function. You […]