Pro v1.5.9 with security fixes and hardenings is available

Posted on 13 April, 2014

Category:

Pro-Version Releases
Attention: this is not the changelog for the latest stable version 4.28 (see related release notes)

In the last few days, the openssl heartbleed bug lead to a global awareness that IT security is essential nowadays. Maps Marker Pro (respectively our servers) were not affected by this bug, nevertheless delivering a secure plugin has always been a high priority in development.

With v1.5.8, the results from the second security audit by the City of Vienna were implemented and with this release, I did another security audit on my own to further improve the security of Maps Marker Pro.

As a result of this audit, some potential cross site scripting issues were also fixed. Please note that an attacker would have needed access to a WordPress admin user in order to exploit those and it would have been rather unlikely that an attacker would target Maps Marker Pro for e.g. defacing a site, when having access to a WordPress admin user would allow him to change template files or even get access to the database credentials in wp-config.php. Nevertheless, these low-critical issues are now fixed with v1.5.9.

Furthermore with v1.5.9, all communication with www.mapsmarker.com (e.g. plugin updates) is now done completely via SSL – please see below for more details.


Let me know what you think about this new release by submitting a review!

If you want to keep up to date with the latest Maps Marker development, please follow @MapsMarker on twitter (= most current updates), on FacebookGoogle+ or subscribe to news via RSS or via RSS/email.

I would also like to invite you to join our affiliate program which offers commissions up to 50%. If you are interested in becoming a reseller, please visit https://www.mapsmarker.com/reseller


Now let´s get to the highlights of pro v1.5.9:

Maps Marker Pro reseller program launched

If you are a web design/development and/or online marketing agency or developer would like to add another great service to your existing offer, you can resell the Maps Marker Pro plugin as your own to your own clients.

As a Maps Marker Pro reseller, you can add customers on your own and place orders on the customer’s behalf; at a 20% discounted price sheet rate. For each successful order the packages and assets will be provisioned to the resold customer account; while the order & invoice stay with the Maps Marker Pro reseller.

Furthermore you can whitelabel the plugin: this will remove all backlinks and logos on backend, rename menu entry “Maps Marker Pro” to “Maps” as well as making the pages and menu entries for Tools, Settings, Support and License visible to admin users only.

Please visit https://www.mapsmarker.com/reseller for more details.

plugin updates are now delivered via SSL

All communication with www.mapsmarker.com (check if a new plugin update is available, the download up the actual update, updates of your license key) is now done completely via an encrypted channel (SSL). This adds another security layer to the plugin as this prevents e.g. man-in-the-middle-attacks. Please report any issues!

With this step I also support the initiative resetthenet.org – for more details please see the following video:

update plugin-update-checker to v1.5

Shepherd found a plugin conflict with another premium plugin which could prevented you to see that there is a new Maps Marker Pro update available – many thanks for that! This is now fixed with v1.5.9. In case you are affected and do not see the newest update available, please open a support ticket and I will help you fix this.

Other optimizations and changes

  • show warning message if incompatible plugin “Root Relative URLs” is active (thx Brad!)
  • remove plugin version used from source code on frontend to prevent information disclosure
  • remove source code comment about Maps Marker Pro when “remove backlink” option is enabled

Bugfixes

  • fixed potential XSS issues (exploitable by admins only)
  • attribution for mapbox 2 basemap was wrong on marker and layer edit pages
  • WMS demo layer “Vienna public toilets” was not shown on KML view (fixed on new installations only to not overwrite existing custom settings)

Translations updates

Thanks to many motivated contributors, this release comes with the following updated translations:

  • Chinese translation thanks to John Shen, http://www.synyan.net and ck
  • Dutch translation thanks to Patrick Ruers, http://www.stationskwartiersittard.nl
  • German translation
  • Russian translation thanks to Ekaterina Golubina (supported by Teplitsa of Social Technologies – http://te-st.ru) and Vyacheslav Strenadko, http://poi-gorod.ru
  • Turkish translation thanks to Emre Erkan, http://www.karalamalar.net and Mahir Tosun, http://www.bozukpusula.com

If you want to contribute to translations (new Hindi translators would be appreciated!), please visit https://translate.mapsmarker.com/projects/lmm for more information. Please note that translators are also compensated for their contribution – for example if a translation is finished less than 50%, the translator gets a free 25 licenses pack worth €149 as a compensation for completing the translation to 100%.

Outlook – my plans for the next release

Please understand that I am not being able to promise any release dates for new features. The roadmap for major new features (support for Google Street View and support for filtering of layers on frontend) is still valid, I just would want to keep the flexibility to add optimizations and bugfixes with rather unplanned minor releases resulting mostly from users feedback.

Please also see the roadmap for a rough schedule for planned features and please subscribe to this blog (via RSS or Email) or follow @MapsMarker on twitter (= most current updates) if you want to stay up to date with the latest development news.

Full changelog

Maps Marker Pro reseller program launched – see https://www.mapsmarker.com/reseller for more details
show warning message if incompatible plugin “Root Relative URLs” is active (thx Brad!)
plugin updates are now delivered via SSL to prevent man-in-the-middle-attacks (supporting resetthenet.org – please report any issues!)
remove plugin version used from source code on frontend to prevent information disclosure
remove source code comment about Maps Marker Pro when “remove backlink” option is enabled
update plugin-update-checker to v1.5 (as it may conflict with other plugins using this library, resulting in no info about new updates – thx Shepherd!)
fixed potential XSS issues (exploitable by admins only)
attribution for mapbox 2 basemap was wrong on marker and layer edit pages
WMS demo layer “Vienna public toilets” was not shown on KML view (fixed on new installations only to not overwrite existing custom settings)
Translation updates
In case you want to help with translations, please visit the web-based translation plattform
updated Chinese translation thanks to John Shen, http://www.synyan.net and ck
updated Dutch translation thanks to Patrick Ruers, http://www.stationskwartiersittard.nl
updated German translation
updated Russian translation thanks to Ekaterina Golubina (supported by Teplitsa of Social Technologies – http://te-st.ru) and Vyacheslav Strenadko, http://poi-gorod.ru
updated Turkish translation thanks to Emre Erkan, http://www.karalamalar.net and Mahir Tosun, http://www.bozukpusula.com

show previous changelogs

How to download / update

The easiest way to update is to use the WordPress update process: login with an user who has admin privileges, navigate to Dashboard / Updates, select plugins to update and press the button “Update Plugins”.

The pro plugin checks every 12 hours if a new version is available. You can also manually trigger the update check by going to Plugins and clicking on the link “Manually check for updates” next to “Maps Marker Pro”:

check-for-updates-new

Additional update notes for beta tester

No additional action on plugin update required.