Categories
Core

WooCommerce 4.1.1 Security and Fix release

WooCommerce 4.1.1 is now available! This is a fix release that contains some security improvements for downloadable files and other minor bug fixes.

Here’s the change-log for this release:

* Enhancement - Added notice about public uploads directory. #26207
* Tweak - Disallow directory listing in woocommerce_uploads when "Redirect only" is the selected download method. #26399
* Fix - Added correct handling of nonces to database update notice dismissal. #26500
* Dev - Updated WooCommerce admin version to 1.1.3 and Action Scheduler to 3.1.6.
* Dev - Add prop `isEnabled` and a function to dynamically enable tracks. #26493

**WooCommerce Admin**
* Tweak - Onboarding: Add Jetpack flow back to onboarding profiler. #4382
* Fix - Respect tracking opt-in before new page load. #4368

**ActionScheduler**
* Fix - Shutdown deprecated notice changed to a warning when as_* functions called without data store initialization. #546

We highly recommend updating WooCommerce to this version as soon as possible.

Download the latest release of WooCommerce here or visit Dashboard → Updates to update the plugin from your WordPress admin screen.


As usual, if you spot any other issues in the WooCommerce core, please log them in detail on GitHub. Found a security issue? Please submit a report via HackerOne.

1 reply on “WooCommerce 4.1.1 Security and Fix release”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.