Jetpack 2.9.3: Critical Security Update

Jetpack version 2.9.3 contains a critical security update, and you should update your site and any you help manage as soon as possible. You can update through your dashboard, or download Jetpack manually here.

During an internal security audit, we found a bug that allows an attacker to bypass a site’s access controls and publish posts. This vulnerability could be combined with other attacks to escalate access. This bug has existed since Jetpack 1.9, released in October 2012.

Fortunately, we have no evidence of this being used in the wild. However, now that this update is public, it’s just a matter of time before exploits occur. To avoid a breach, you should update your site as soon as possible. (The vulnerability has been disclosed on the MITRE Common Vulnerabilities and Exposures system as CVE-2014-0173.)

This is a bad bug, and Jetpack is one of the most widely used plugins in the WordPress world. We have been working closely with the WordPress security team, which has pushed updates to every version of the plugin since 1.9 through core’s auto-update system. We have also coordinated with a number of hosts and network providers to install network-wide blocks to mitigate the impact of this vulnerability, but the only sure fix is updating the plugin.

Over the next few hours, we will reach out to individuals whose sites are still running an insecure version. Sites that don’t update may be disconnected from the Jetpack service for their own security, and will be able to reconnect as soon as their version of Jetpack is updated.

If you host a large number of Jetpack-powered blogs, please leave your contact information in the comments so we can be in touch in the future. We have prepared and shipped point releases for all eleven vulnerable branches of the Jetpack codebase: 1.9.42.0.6, 2.1.4, 2.2.7, 2.3.7, 2.4.4, 2.5.2, 2.6.3, 2.7.2, 2.8.2, and 2.9.3. If you can force these upgrades for your hosted users, it will prevent their sites from being compromised.

Finding and fixing bugs is a key part of software development. I can’t promise there will never be another issue like this, but I can promise that when a problem is found we will do everything in our power to protect as many people as possible, as quickly as possible. We care deeply about each and every WordPress user.

Posted in Releases | 92 Comments

Jetpack 2.9

Jetpack 2.9 is out! We’ve got a few exciting new additions — Multisite support, a Related Posts module, and a more secure Single Sign On — along with many smaller improvements and bug fixes.

Manage all your Multisite connections with one login

Logging in to each blog on a Multisite network to connect and configure Jetpack can be time consuming. Now, you can administer them all from one master account. When network-activating Jetpack, you’ll see a new Jetpack > Settings tab in your Network Admin. From here, you can manage all your blogs’ connections, control whether individual blog admins can reconnect with their own account, and designate which Jetpack modules are activated by default.

Make your site stickier with Related Content

The Related Posts module encourages your visitors to stick around longer by displaying links to additional content on your site related to what they’re currently viewing. Usually, analyzing website content to suggest relations eats up precious server resources. By utilizing the power of WordPress.com, the Related Posts module gives visitors more of what they came for while keeping your server resources freed up.

Sample Related Posts

More security with Single Sign On

The Single Sign On module already gives you peace of mind against compromised user accounts because WordPress.com handles all the authentication for you — your site never touches the user’s private credentials. This release takes security a step further by giving site administrators the ability to require users to have Two-Step authentication enabled on their WordPress.com account before they can log in.

Posted in Releases | Tagged , , , , | 47 Comments

Jetpack 2.8: Introducing Markdown and Improving Monitor

We’re thrilled to announce that our latest update is out the door! Jetpack 2.8 includes improvements to Jetpack Monitor and also introduces a brand new Markdown module.

Jetpack Monitor Module Card

Improved Jetpack Monitor notifications

Multiple users can now receive Jetpack Monitor email notifications. As an admin user linked to WordPress.com, you can opt in to receive these notifications right from your dashboard. Just navigate to the Jetpack page, find the Monitor module card, and click on Configure. Then, check the “Receive Monitor Email Notifications” setting and save your changes. Now if your site ever goes down you will receive notifications to your WordPress.com linked account email!

Write more efficiently with Markdown

Since introducing Markdown on WordPress.com, we’ve had a lot of requests to bring it over to Jetpack. Well, queue the trumpets, start the drumroll, Markdown is here!

For those who don’t know, Markdown is a quick way to add formatted text without writing out any HTML. Markdown lets you compose links, lists, and other styles using regular characters and punctuation marks. If you want a quick, easy way to write and edit rich text without having to take your hands off the keyboard or learn a lot of complicated codes and shortcuts, then Markdown might be right for you. We do strongly suggest sticking with the “Text” tab in the Editor when using Markdown.

Here is an example of Markdown in the text editor:

Markdown in text editor

And here is that same Markdown converted to HTML in the Reddle theme:

Markdown converted to HTML in Reddle

Isn’t that pretty awesome? You can check out the announcement post over at WordPress.com for more information about Markdown and see our Markdown support page.

Publicize Support for Custom Post Types

For our developer friends out there, we’ve added Publicize support for custom post types, allowing you and your clients to automatically post new entries from any CPT to your social media networks. You’d need to make one small tweak in the code defining the CPT—just add 'publicize' to the CPT’s 'supports' array.

For example, to enable the title, editor, Publicize, and Jetpack’s new support for Markdown: 'supports' => array( 'title', 'editor', 'publicize', 'wpcom-markdown' ),

As always, if you notice any issues with this release, just give us a shout over at the forums or send us a message through our contact form. Thank you for flying with Jetpack!

Posted in Releases | Tagged , , , , , | 29 Comments

Jetpack 2.7: Share your content on Google+

We recently released a slew of Google+ integrations for WordPress, and mentioned that Google+ Publicize support would be coming soon to Jetpack users. Publicize makes it easy to share your new posts on other social networks (like Facebook and Twitter). Using it is a great way to build your readership and expose your content to new audiences.

Well, the wait is over — we’re excited to announce that you can now share your latest content on your Google+ Profiles and Pages!

Improved overall performance

Jetpack 2.7, which has just been released, adds Publicize to your site. In order to connect your account(s), head to your dashboard, then go to Settings → Sharing. Clicking on the “Connect” button next to the Google+ logo will prompt you to authenticate your account. Once you have, you can start enjoying the benefits of publishing your content to Google+ — just make sure that you’ve enabled the Publicize module.

Jetpack 2.7 also contains multiple bugfixes and other little features. You can view a full changelog of these updates by visiting this page.

We hope you enjoy Jetpack 2.7!

Posted in Features, Releases | Tagged , , | 44 Comments

New Release: Jetpack 2.6

After two months of silence, here comes Jetpack 2.6! Chock-full of enhancements and goodness, we can’t wait for you to try it out.

New Modules: Single Sign On and Jetpack Monitor

Single Sign On replaces the previous WordPress.com Connect module, added in 2.4. Improving on the WPCC module’s setup process, Single Sign On takes one click to activate, then you’re off to the races! It will also streamline subsequent log ins, as you’ll no longer need a manual approval at sites where you’ve previously been authenticated.

Our other new module, Jetpack Monitor, is an uptime monitor that will check your site every five minutes. If it ever looks like your site is down, we’ll fire off an email to give you a heads-up. Easy, right?

We’ve also included a pile of other enhancements. We’ve switched the code editor in our Custom CSS module, and bundled new filters, new custom post types, and new widgets. We’ve added performance improvements across many modules, as well as support for WP-CLI. We now also make sure that your Publicize connections haven’t expired in the background as you write.

We’re tremendously proud of our latest release, and hope you’ll give it a shot.

- The Jetpack Team

Eight automatticians swimming in the carribean

The Jetpack Team recently spent a week collaborating on the awesomeness of this release down in Puerto Rico! Interested in joining us? You should apply!

Posted in Releases | 25 Comments

Jetpack 2.5: Google Integration, VideoPress, and Facebook Embeds

In the latest update to Jetpack, we have some exciting new features to share with you including integration of Google services and products, adding VideoPress to our list of modules, and the ability to embed your Facebook updates into your blog posts. Let’s take a closer look at each of these new features!

(more…)

Posted in Releases | Tagged , , , , | 38 Comments

Jetpack 2.4: Widget Visibility and WPCC (and more!)

We’ve got a great update for you all including two new modules, three new shortcodes, and some updates and fixes to your favorite Jetpack modules!

(more…)

Posted in Releases | Tagged , | 12 Comments

Jetpack 2.3.5: Share Your Path Moments with Publicize

Jetpack 2.3.5 is out and contains an update to our Publicize feature! Our Publicize feature is a quick, simple way to build your readership and share your latest content automatically on other social networks, including Facebook, Twitter, Tumblr, and LinkedIn.

Working with our good friends at Path, we’re excited to announce that you can now connect your WordPress blog and Path account. Once connected, when you create new content on your site, a Path “moment” will also be created, with a link back to your site.

Read the Path announcement on WordPress.com to find out more.

Posted in Features, Releases | 6 Comments

Jetpack 2.3.2 and 2.3.3

Hello Jetpack community,

This week, we released versions 2.3.2 and 2.3.3 of Jetpack.

(more…)

Posted in Releases | 7 Comments

Jetpack 2.3: Omnisearch, Social Links, and DIY Debugging

Version 2.3 of Jetpack has launched! New features like Omnisearch, Social Links, the Debugger, and more give you powerful, simple ways to customize and administer your Jetpack-powered site.

Ominsearch

Omnisearch

Omnisearch: one search box, global results. Don’t waste time digging for that one comment with the useful link — or was it a post you saw it in? Search once and get results from all of your posts, pages, comments, and plugins.

It’s also incredibly simple to let other plugins offer search results for when a user does a search. Do you have a plugin to build forms? Let Omnisearch provide your users with relevant points of contact from their visitors. Shopping cart plugin? Use it to find individual orders or products. Omnisearch is easy to extend via WordPress’s native Filters API to create a comprehensive search experience within your Dashboard.

Social Links

Social Links

Are you using a theme that supports Social Links? Now, you can configure your social icons directly from the Customizer (just make sure you’ve connected your social services using Publicize first).

Debugger

Debug Module

Debugging your Jetpack connection has never been easier. Activate the Jetpack Debugger, find out why Jetpack isn’t working for you, and submit a help request directly from your Dashboard. Our support folks can see the test details, helping them hone in on the issue more efficiently.

Other Enhancements

In addition to these features, you can now customize the “submit” button text on contact forms, as well as captions used by slideshows

(We’ve also spent a lot of time fixing bugs. For a complete list of changes, take a look at the changelog.)

If you’re already running Jetpack, head to your dashboard to update to 2.3. Otherwise, download Jetpack today!

Posted in Features, Releases | Tagged , , , , , | 15 Comments
Follow

Get every new post delivered to your Inbox.

Join 58,225 other followers