1.23.13 - 22/Nov/2023
- FIX: An issue that prevented incremental backups from running via WP-CLI or Cron when the option to backup mu-plugins was enabled but no mu-plugins existed
- FIX: OneDrive remote storage authentication was giving the error "Invalid input."
- FIX: The option to back up additional, user-chosen files (i.e. the morefiles entity) was no longer present in the UI
- TWEAK: Remove unused "migrator-lite.php" string during search and replace operations
- TWEAK: Replace remaining hardcoded text domain with UPDRAFTCENTRAL_TEXT_DOMAIN placeholder within the central folder
- TWEAK: LiteSpeed admin dashboard warning is now displayed upon completion of migration on the destination site, even after dismissing the message on the source site.
- TWEAK: Do not show UpdraftPlus news in the WordPress events and news widget section without first gaining user consent
- TWEAK: Change order of checks when seeing if cPanel is present/accessible for asking about disk quota in order to prevent unwanted an PHP notice when safe_mode is active
- TWEAK: Prevent potential fatal error if something has modified an updates check's 'translation' property to be invalid before passing on to UpdraftPlus
- TWEAK: Update bundled cacert.pem file
N.B. Paid versions of UpdraftPlus Backup / Restore have a version number which is 1 higher in the first digit, and has an extra component on the end, but the changelog below still applies. i.e. changes listed for 1.23.1.x of the free version correspond to changes made in 2.23.1.x of the paid version.
1.23.11 - 03/Nov/2023
- SECURITY: Fix a vulnerability which could, if you had Google Drive storage enabled, and if an attacker targetted a logged-in administrator on your site and persuaded them to access a specific URL that the attacker creates, add the attacker's own Google Drive account to the saved storage methods. Thanks to Nicolas Decayeux of Patrowl for finding and disclosing this issue.
- FEATURE: Add JSTree for Google Drive to select existing folder
- FEATURE: The "Must-use plugins" backup entity can be backed up and restored separately in a normal WordPress site
- FIX: OneDrive folder case sensitivity issue (successfully uploaded backup files to the remote storage but failed in pruning old backup files due to different letter capitalisation; also happened in manual deletions)
- FIX: When two instances of WebDav remote storage were sequentially added in the Premium version, filling some fields of the latest instance would break the WebDav URL of the previous instance
- TWEAK: Update phpseclib library from version 1 to 2. As previously advised, this also means that these features (Database Encryption, Dropbox & SFTP/SCP remote storage, and UpdraftCentral key creations) will no longer be available and can cause a fatal error when running on PHP 5.2
- TWEAK: Add a link to Trustpilot in the review prompt
- TWEAK: Added a warning message when the WPHTTPBLOCK_EXTERNAL is defined and set to true
- TWEAK: Added the "Copy to clipboard" button under the self-hosted central option
- TWEAK: File size is shown when pressing on the backup entity
- TWEAK: Fix the restore dialog to not display "plugins" checkbox when only there's "mu-plugins" entity
- TWEAK: Fixed PHP 8.2 deprecation messages caused by a null value being passed to the rtrim() function
- TWEAK: Resolve PHP deprecations for the dynamic property access by declaring the variables in the class
- TWEAK: Includes the plugin.php file path if "getmuplugins" function does not exist.
- TWEAK: Provide default options for function UpdraftPlus::backup_all()
- TWEAK: Add and call the litespeed_finish_request() function to ensure the HTTP connection made from the browser gets closed immediately without having to wait the process to complete thus leaving it run in the background
- TWEAK: Ensure no PHP "Class not found" is showing up during credentials testing
- TWEAK: Add type checking in UpdraftPlus::handleurlactions() to prevent plugin conflicts causing PHP errors on PHP 8+
N.B. Paid versions of UpdraftPlus Backup / Restore have a version number which is 1 higher in the first digit, and has an extra component on the end, but the changelog below still applies. i.e. changes listed for 1.16.32.x of the free version correspond to changes made in 2.16.32.x of the paid version.
1.23.8 - 08/Aug/2023
- FEATURE: Given the basic migration feature in the free plugin
- FIX: Content-MD5 and any V2-related headers were always included in the S3's V4 SignedHeaders even though the headers were not presented in a HTTP request
- FIX: Generating URL-encoded queries for a canonical request should have used a method/mechanism which encoded query values according to RFC 3986 (for consistency and for not breaking the code)
- FIX: Search / replace database not working on Admin dashboard > Settings > UpdraftPlus Backups > Advanced Tools > Search / replace database on PHP 8.2 due to stricter type checking
- FIX: A newly added subsite that was restored from a normal site to the multisite was not listed in the site list in the multisite
- FIX: Manual deletion of backup sets appeared to skip some files when multiple instance and/or remote storage were in use
- FIX: The SFTP remote storage stopped working in the UpdraftPlus 2.23.6 release. Reverted the change "TWEAK: Validate SFTP key field on credential test and before save"
- TWEAK: Add a warning in the log file if AWS connection fails and a TLSv1.2 connection test fails
- TWEAK: Add warning for user if only PclZip available
- TWEAK: Fix unable to switch tab when a plugin (wrongly) loads certain CSS onto UD's settings page
- TWEAK: Remove the word 'apparently' in the backup success message
- TWEAK: Update to latest phpseclib 1.0.X version (prevents deprecation notice on PHP 8.1+)
- TWEAK: Change "s3" property to "public" in UpdraftPlusAWSRequest class for PHP 8.2 deprecation compatibility [https://source.updraftplus.com/team-updraft/updraftplus/-/mergerequests/1481]
- TWEAK: Fixed Missing/ broken links for the pCloud image in addons tab
- TWEAK: Buying UpdraftClone tokens through inline checkout
- TWEAK: Fixed Spelling errors in updraftplus repo
- TWEAK: Added save button at the top of setting tab content
- TWEAK: UpdraftCentral module now, by default, overwrites the same existing theme installed on the remote sites (if any), regardless of what version is currently installed or what version being uploaded and installed
- TWEAK: Define class properties in UpdraftCheckoutEmbed class for PHP 8.2 deprecation compatibility
- TWEAK: Update the composer package yahnis-elsts/plugin-update-checker for PHP 8.2 compatibility
- TWEAK: Added username and email details for authenticated dropbox account in updraftplus settings
- TRANSLATIONS: Split sentences to make one sentence in any translation functions
UpdraftPlus Changelog
N.B. Paid versions of UpdraftPlus Backup / Restore have a version number which is 1 higher in the first digit, and has an extra component on the end, but the changelog below still applies. i.e. changes listed for 1.16.32.x of the free version correspond to changes made in 2.16.32.x of the paid version.
- TWEAK: Remove the incremental dropdown on incremental backup restore when the user selects only the database to restore
- TWEAK: Validate SFTP key field on credential test and before save
- TWEAK: Remove the unused UpdraftPlus_S3::getHttpUploadPostParams() method.
- TWEAK: Fix pCloud deprecated warning in PHP 8.2
- TWEAK: Fix Google Cloud deprecated warning in PHP 8.2
- TWEAK: Fix Google Drive deprecated warning in PHP 8.2
- TWEAK: Fix pCloud deprecation warning in PHP 8.2
- TWEAK: Fixed issue with cron jobs not clearing after wiping settings
- TWEAK: Added link to WP-Optimize in the database size tab in the advanced tools
- FIX: Search / replace database not working on Admin dashboard > Settings > UpdraftPlus Backups > Advanced Tools > Search / replace database on PHP 8.2 due to stricter type checking
- TWEAK: Fixed Missing/ broken links for the pcloud image in addons tab
N.B. Paid versions of UpdraftPlus Backup / Restore have a version number which is 1 higher in the first digit, and has an extra component on the end, but the changelog below still applies. i.e. changes listed for 1.16.32.x of the free version correspond to changes made in 2.16.32.x of the paid version.
1.23.4 - 16/May/2023
- SECURITY: Fixed a missing nonce combined with a URL sanitisation failure, which could lead to a targetted XSS opportunity (if an attacker persuades a logged-in administrator to both re-authorise their connection to a remote storage (e.g. Dropbox) and then to follow a link personally crafted for their site before re-authorising whilst logged in, he can then store a fixed JavaScript payload in the WP admin area (they would need a further route to use that ability to cause any damage). Because of the need for the administrator to co-operate in multiple steps, this attack is very unlikely (but you should of course still update).
- FIX: DigitalOcean S3-compatible storage does not work with disabled SSL entirely where possible settings.
- FIX: If there was an error or network connectivity issue on first attempt of uploading a plugin/theme file, then the second attempt of uploading the same file would make the file become corrupted thus resulting in installation failure.
- COMPATIBILITY: Suppress htmlspecialchars deprecation warnings on PHP 8.1
- COMPATIBILITY: Suppress some PHP 8.2 deprecation notices from use of ${} style variables, and others from use of dynamic properties
- TWEAK: Handle web hosting company setup that disabled pclose() but not popen()
- TWEAK: All HTTP requests to the Google Drive API now, by default, forces to use HTTP/1.1 version. Also, a constant named UPDRAFTPLUSGDRIVECURLHTTPVERSION can be set in the wp-config.php file to change the default HTTP version to another preferred version
- TWEAK: Improve 'move' and 'copy' filesystem functions in restoring directories containing files to a different mount point/partition than where they reside
- TWEAK: Improve files pruning mechanism, by not repeating already-done ones when resuming deletions
- TWEAK: Improve the Handlebars templates of the Google Drive, Dropbox and UpdraftVault remote storage modules by taking PHP code out of them
- TWEAK: Improve widget layout when decrypting a backup
- TWEAK: Remove Boostrap CSS in Restore Wizard and replace with Flexbox CSS
- TWEAK: Add multisite subsites header information to the database backup file that will be used for converting a network subsite to a standalone normal WordPress site
- TWEAK: Add the UpdraftPlus plugin slug header to the database backup file
- TWEAK: Include next-level-up directory path along with deleted folder's name when deleting a folder
- TWEAK: Update seasonal notices
- TWEAK: Make common logic for getting backup history from the database
- TWEAK: Remove usage of the filegetcontents() function from WebDAV remote storage without chunking upload
- TWEAK: Pass through some previously unhandled Dropbox error codes
- TWEAK: Added the "non-core" word to the WordPress database tables excluded warning.
- TWEAK: Remove WordPress core tables from the non-core WordPress database tables excluded list in restoration step 2
- TWEAK: When migrating the www site, the search replace will be performed in database tables on the non-www domain too, and vice versa
N.B. Paid versions of UpdraftPlus Backup / Restore have a version number which is 1 higher in the first digit, and has an extra component on the end, but the changelog below still applies. i.e. changes listed for 1.16.32.x of the free version correspond to changes made in 2.16.32.x of the paid version.
1.23.1 - 08/March/2023
- FEATURE: Support Cloudflare R2 as a generic S3 storage provider (always use v4 signature)
- FEATURE: Added the ability to get an accurate row count for all tables in the advanced tools
- FEATURE: Expose an option in the UI to disable chunked uploading when using WebDAV remote storage (previously required a constant)
- FEATURE: Add the ability to anonymize WooCommerce order data when cloning a site
- FIX: An over-ride enforcing use of V4 signatures on Aliyuncs S3 storage was no longer working
- FIX: pCloud error handling in chunked uploading did not pass the error message up to the logging layer
- FIX: Backups started under WP-CLI could not backup the database only without any files
- FIX: Couldn't add any file/directory inclusion for "Other" entity due to access to one directory up from the current (ABSPATH) isn't permitted
- FIX: Atomic restore is not renaming a few tables when not restoring specific tables by using the filter updraftplus_restore_this_table.
- FIX: Sometimes the "delete old directories" notice displayed even though the actual -old directory didn't exist
- FIX: The restore point date time was incorrect in the restore screen when restoring the incremental backup, and the WordPress site has a non-GMT timezone set.
- TWEAK: Improve manual rescanning and deletion of backup sets by setting up a time limit to a value defined in UPDRAFTPLUSSETTIME_LIMIT constant to minimise chances of getting fatal error (maximum execution time exceeded)
- TWEAK: Add a filter updraftplusmysqldumparguments to allow changing of arguments passed to the mysqldump binary when that is being used
- TWEAK: Include PHP version in default S3 user agent to aid debugging
- TWEAK: Disable Gravatar on UpdraftClone
- TWEAK: Cleanup .list.tmp files when a cloud backup completes
- TWEAK: Use the function that lists our own cron schedules to simplify the way backup intervals are prepared and to avoid schedules mismatch
- TWEAK: Improve manual deletion of backup sets by setting up a time limit to a value defined in UPDRAFTPLUSSETTIME_LIMIT constant to minimise chances of getting fatal error (maximum execution time exceeded)
- TWEAK: Improve the Handlebars template of the S3-Compatible (Generic) remote storage by taking PHP code out of it
- TWEAK: Increase max_recursion value to 20 in class-search-replace.php
- TWEAK: Add a new function that lists our own cron schedules so that it can later be used as schedules sorting purpose also as a main source from which our schedules list is originated
- TWEAK: Display Google drive email address along with account holder name
- TWEAK: Fixed WebDAV PHP 8.1+ deprecated warnings
- TWEAK: Updated text message displayed on Web Server - Localhost UC Dashboard Key Creation.
- TWEAK: Use nonce in every part of a restoration process to prevent direct access that has allows an unwanted log file to be begun. On sites running on end-of-lifed PHP versions (<8.0) it was possible to read the beginning of the log file, causing an unintended information disclosure about the server environment, e.g. Apache version, PHP version and available memory (but current PHP versions are not vulnerable).
- TWEAK: Use nonce when starting a new restoration and strengthen the continuation process to prevent direct access that has the potential of being file and/or log abuse
- TWEAK: Improve the WebDAV storage module API in regard to the way it handles uploading and writing files
- TWEAK: Replace the word "Directory" with "Folder" in UI notices
= 1.22.24 - 14/Dec/2022 =
* FEATURE: Support PHP 8.2 in UpdraftClone
* FEATURE: pCloud protocol support (Premium)
* FIX: Add missing support for custom Dropbox app refresh tokens
* FIX: After sending email report, other emails that follow would contain leftover data from the previous email report
* FIX: Javascript hook that is used to show "Automatic backup before update" dialog box when pressing "Install Update Now" button on the WP Plugins page had made the same button on WP Updates page not respond to a press
* FIX: Potentially not storing the size of new files in the backup history
* FIX: Pressing "Rescan remote storage" using WebDAV can show an error message
* FIX: Prevent a fatal error when logging PHP events using the exported "central" folder on the remote site
* FIX: Prevent an error that occurs on WordPress 6.1 when managing and creating post/page from UpdraftCentral
* FIX: Prevent fatal error when rescanning if internal directory was unusable
* TWEAK: Ability to permanently dismiss Litespeed warning
* TWEAK: Add admin notice to inform the user to upgrade their PHP to version 5.3 or higher due to changes in phpseclib requirements in future releases
* TWEAK: Add "#[\ReturnTypeWillChange]" attribute to Google Drive API for suppressing PHP 8.1 deprecation notices
* TWEAK: Add the ability to anonymize personal data in the database backup when using migrator
* TWEAK: Advise users if files in the plugin are missing
* TWEAK: Discourage page caches from caching UpdraftClone intermediate pages
* TWEAK: "Dismiss from main dashboard" button sometimes doesn't work
* TWEAK: Fix missing FTP admin notices when clicking on other remote storage method
* TWEAK: Hive off the AWS S3 SDK into a separate plugin (UpdraftPlus now always uses its own, more lightweight, SDK) - https://github.com/DavidAnderson684/updraftplus-aws-sdk
* TWEAK: Improve the Handlebars template of the Amazon S3 remote storage by taking PHP code out of it
* TWEAK: Improve the Handlebars template of the DreamObjects remote storage by taking PHP code out of it
* TWEAK: Improve wording in plugin by removing ambiguous wordings
* TWEAK: Increase the Google Cloud (Premium) downloading minimum chunk size for faster downloads
* TWEAK: In Premium / Extensions tab add notices for AIOS and Easy Updates Manager
* TWEAK: Log the list of blocks that failed to re-assemble in Microsoft Azure.
* TWEAK: Make the Google Drive downloading algorithms adapt to available memory - cut the total download time by 2/3 in testing
* TWEAK: Prevent a PHP notice upon UpdraftClone startup
* TWEAK: Prevent deprecation notice on PHP 8+ if opening a zero-size zip file
* TWEAK: Replace the use of $_SERVER['SERVER_NAME'] variable with network_site_url() function because the array key is not defined in WP-CLI and might not be defined on some server-side cron tasks, resulting in a PHP log message
* TWEAK: Set a global context for $wp_file_descriptions context so that it gets assigned to correctly, preventing a subtle visual change in the theme editor
* TWEAK: Use built-in logging for WebDAV
* TWEAK: WP Rocket - disable CDN upon migration completion for multisite since key will be invalid
UpdraftPlus Changelog
UpdraftPlus changelog catalogues all the latest updates from the world's most popular and highly rated WordPress backup pluginupdraftplus.com
N.B. Paid versions of UpdraftPlus Backup / Restore have a version number which is 1 higher in the first digit, and has an extra component on the end, but the changelog below still applies. i.e. changes listed for 1.16.32.x of the free version correspond to changes made in 2.16.32.x of the paid version.
1.22.20 - 05/Sep/2022
- FEATURE: Restore the "upload immediately after creation" feature that was turned off whilst misbehaviour was investigated; fixes have been applied.
- FIX: Prevent premature removal of zip manifest files
- TWEAK: Improve the Handlebars template of the OpenStack (Swift) remote storage by taking PHP code out of it
- TWEAK: Do not run out-of-place "SET @@GLOBAL.GTID_PURGED" statements upon restore
UpdraftPlus Changelog
UpdraftPlus changelog catalogues all the latest updates from the world's most popular and highly rated WordPress backup pluginupdraftplus.com
* TWEAK: Suppress pre-loading of phpseclib libraries, which has exposed fatal-error inducing bugs in a handful of unmaintained third-party plugins and themes
* TWEAK: Increase the number of conditions for which attempts to access an S3 bucket will result in more logging