Nexcess.comServers.comLiquidWeb.com

7.3.0

Tweak11 Fix4

Tweaks

  • Add Per-Content SSL toggle to the upcoming Block Editor interface.
  • Add filter to the recipients list for email notifications: "itsec_notification_{$notification}_email_recipients" and "itsec_notification_email_recipients".
  • Add define "ITSEC_DISABLE_TEMP_WHITELIST" to disable the Temporary IP Whitelisting for logged-in administrators.
  • Improve redirecting after processing a login interstitial from a front-end login form.
  • Add loopback IP detection to Security Check.
  • Detect Server IPs in Security Check.
  • Add additional safety checks when writing to system config files. This will log a "Critical Issue" when the writing of an empty or partial config file is detected and prevented.
  • Improve File Change locking to help prevent failing scans on sites with inconsistent cron scheduling.
  • Improve "System Tweaks – Suspicious Query Strings – SQLI" to reduce false positives.
  • Improve "System Tweaks – Disable PHP" to block PHP files in apache configurations that serve files with a trailing dot.
  • Remove "Seznam Bot" from HackRepair List as it isn't present in the latest version.

Fixes

  • Include Hide Backend token when emailing a password reset URL.
  • Notification Center. Only send notifications to users with an exact role match of selected roles instead of a fuzzy match based on selected capabilities.
  • Error when trying to edit reusable blocks with per-post SSL enabled.
  • Resolve warnings on PHP 5.2.