WordPress 5.8.3 is a short-cycle security release, and has been pushed out to all VIP sites running 5.8. The security patch has also been back-ported to sites running older WordPress versions.
This security release features four security fixes.
If you have any questions, related to this release, please open a support ticket and we will be happy to assist.
WordPress 5.8.1, a security release, has been pushed out to all VIP sites running 5.8. The security patch has also been back-ported to sites running older WordPress versions (5.5-5.7).
This security release features 41 bug fixes on Core, as well as 20 bug fixes for the Block Editor.
To see a full list of changes, you can browse the list on Trac, or visit the 5.8.1 documentation page.
For more details about this release (including specific changes), please see the announcement post and release notes.
If you have any questions related to this release, please open a support ticket and we will be happy to assist.
A network problem in our Los Angeles datacenter affected a subset of infrastructure between 19:52 and 20:00 UTC. For sites with their origin in Los Angeles and with containers in the affected area of the data center, elevated rates of 503 errors and timeouts for uncached content would have been noticeable. At this time the cause has been identified and service levels are back to normal.
If you have any questions related to this incident, please open a support ticket and we will be happy to assist.
On Thursday, April 15, 2021, the third-party service Codecov.io notified users of a security update following a security incident. Upon learning of this incident, the VIP team began immediate investigations to determine if our platform or any customer applications were affected.
At this time we have not found any evidence of this vulnerability within the VIP platform or customer application repositories.
However, Codecov have sent individual notices to those in the affected user group. If you are in this affected group, please review your CI configurations and rotate any keys which may have been compromised.
If you have any questions related to this notice, please open a support ticket and we will be happy to assist.
WordPress 5.6.2, a maintenance release, has been pushed out to all VIP sites running WordPress 5.6 that were not locked to a specific version.
This maintenance release features 5 bug fixes affecting WordPress 5.6.1. To see a full list of changes, you can browse the list on Trac, read the 5.6.2 RC1 post, or visit the 5.6.2 documentation page.
For more details about this release (including specific changes), please see the announcement post and release notes.
If you have any questions related to this release, please open a support ticket and we will be happy to assist.
As shared in our November 2020 announcement, VIP is actively working to deprecate the Gutenberg Ramp plugin. To facilitate this, we have proactively opened Pull Requests against individual customer repos and branches for each environment, which replaces the Gutenberg Ramp functionality with simplified WordPress Core filters.
During testing of these Pull Requests, we have identified a bug in the Core filter (details below). While we are actively working to mitigate this issue, both on the VIP platform, and within Core, we are delaying the deprecation from February 3 to February 22, 2021. This includes delaying the previously planned merging of outstanding Pull Requests to February 17.
We have identified an issue affecting any post types that do not support the Block Editor, such as attachments, and certain custom post types. The current Core Filter, use_block_editor_for_post, will attempt to use the Block Editor for all post types, and does not check for Block Editor support. This results in an error on the WordPress Dashboard when attempting to edit these posts. This issue does not affect front-end display.
We have reported the bug within WordPress Core and have provided a patch to implement a check for Block Editor support.
As an immediate fix, we are implementing the following patch to vip-go-mu-plugins:
add_filter('use_block_editor_for_post', function( $can_edit, $post ) { if ( ! post_type_supports( $post->post_type, 'editor' ) ) { return false; } return $can_edit; }, 999, 2 );
For those customers who have proactively tested and merged the Pull Requests, no additional action is needed. The above immediate fix will mitigate any potential conflicts.
For those who have not yet acted on the Pull Requests, we will be opening follow-up tickets via Zendesk both as a reminder, and to help answer any question you may have about this deprecation. We do still ask that you test and action these changes according to your development workflows. This is required in order to maintain current functionality when Gutenberg Ramp has been removed.
According to our updated timeline, all outstanding Pull Requests will be merged on February 17, 2021. Deprecation will follow on February 22, 2021.
Thank you so much to those who have had the opportunity to test and action the changes, and helped to identify this bug. As always, if you have any questions or concerns please feel free to open a support ticket.
Resolved: GitHub is reporting resolution of performance issues, and all services operating normally. All VIP services should be operating as expected at this time. If you experience any further issues, please reach out to us directly at vip-support@wordpress.com.
Update: GitHub has deployed a fix and is monitoring recovery. We are continuing to monitor the situation. (17:32 UTC)
We are aware of ongoing performance issues on GitHub which are affecting some VIP sites. The issues may affect code deploys. We are monitoring the situation, and will follow up with another alert once this is resolved.
We will continue to update this post and tweet out status updates from @wpvipstatus until the issue is resolved. You can also subscribe for updates directly from GitHub regarding this incident here:
https://www.githubstatus.com/incidents/phnch1rww464
If you have any questions, or are experiencing any issues, please email vip-support@wordpress.com.
(02:23 UTC) Update: We have confirmed that any and all impacted domains have had a certificate successfully re-issued.
(00:17 UTC) Update: It was incorrectly reported that this action was complete. At this time the re-issuing of certs is ongoing.
We’ve completed the reissuance of Let’s Encrypt certs affected by the Let’s Encrypt announcement on March 3rd, 2020.
Due to the 2020.02.29 CAA Rechecking Bug 2.8k, we unfortunately need to revoke many Let’s Encrypt TLS/SSL certificates. We’re e-mailing affected subscribers for whom we have contact information.
No action is needed on the part of VIP clients using Let’s Encrypt certificates. The VIP Team was notified by Let’s Encrypt, and began reissuance of the affected certificates. At this time, the reissuance has been completed.
If you have any questions, please open a support ticket and we’ll be happy to assist.
WordPress VIP Lobby 