Solid Security
Changes
- Bug Fix: Handle WP_Error in login interstitial session creation to prevent fatal errors.
Fixes
- Race condition in file write could empty wp-config.php/.htaccess files.
Tweaks
- Updated branding from SolidWP to Kadence.
- QR code for 2FA is generated locally by default (the GD PHP extension is required), with a Kadence Security-hosted solution as a fallback.
Fixes
- Prevent email retry loops by ensuring the scheduled notification properties are saved.
Tweaks
- Update Patchstack details for existing vulnerabilities.
Tweaks
- Ensure generated Nginx config rules are valid for customized directory structures.
Fixes
- Vulnerable Software dashboard card didn't render properly.
- Firewall rules that depend on HTTP headers didn't work correctly in all cases.
- PHP Warning: Undefined array key 1 core/admin-pages/logs-list-table.php.
- Logs will appear in the correct order regardless of database version.
- PHP Warning: Array offset on value of type null core/modules/security-check-pro/class-itsec-security-check-pro.php.
Tweaks
- The Solid Security Basic and Solid Security Pro plugins can no longer be active at the same time.
- Config files now show "Solid Security" instead of "iThemes Security".
- Improved Database Backups dashboard widget when the feature is disabled.
- Clarify the 2FA onboarding email confirmation message.
- All Gutenberg blocks use API version 3.
Security
- Update the "tmp" npm package.
Features
- Send notification about new vulnerabilities found during manual scan.
Tweaks
- Show mitigated vulnerabilities and ensure all unresolved vulnerabilities are visible on the Site Scan page.
Fixes
- PHP notice about early translations loading on the settings screen.
Fixes
- Missing assets in release 9.4.0.