As Leaflet Maps Marker runs on your server, delivering a secure product is very important to us.
24 hours ago, we were contacted by Akamai who performed a intensive security review of Leaflet Maps Marker and found 3 potential XSS vulnerabilities. Although the exploitability was reported to be pretty low, we immediately started working on this release, fixing these issues. Many thanks especially to Chad from Akamai for the responsible disclosure!
An update to the latest version is – as always and in this case particularly – highly recommended.
Let me know what you think about this new release by submitting a review!
If you want to keep up to date with the latest Maps Marker development, please follow @MapsMarker on twitter (= most current updates), on Facebook, Google+ or subscribe to news via RSS or via RSS/email.
Now let´s get to the other highlights of free v3.9.9:
add support for displaying maps in bootstrap tabs
Maps are now also displayed properly when loaded in bootstrap tabs (as well as jQuery UI tabs which is already supported since v3.6.2).
Other changes and optimizations
- optimized install- and update routine script (less database queries needed)
- 3 potential XSS vulnerabilities discovered by Akamai – many thanks for the responsible disclosure!
Thanks to many motivated contributors, this release includes updates to the following translations:
- Norwegian (Bokmål) translation thanks to Inge Tang, http://drommemila.no
- Russian translation thanks to Ekaterina Golubina (supported by Teplitsa of Social Technologies – http://te-st.ru) and Vyacheslav Strenadko, http://poi-gorod.ru
If you want to contribute to translations (new Hindi translators would be appreciated!), please visit https://translate.mapsmarker.com/projects/lmm for more information.
Please note that translators are also compensated for their contribution – for example if a translation is finished less than 50%, the translator receives a free 25 licenses pack worth €149 as a compensation for completing the translation to 100%.
Unfortunately there is currently one issue that cannot be resolved directly within Leaflet Maps Marker:
With WordPress 4.2, Emoji support was added. Unfortunately there is an open bug (details) which can result in frozen maps or crashes on Internet Explorer – so WordPress 4.2, 4.2.1 and 4.2.2 are affected. According to the related trac ticket, a fix is already available and will hopefully be deployed soon with WordPress 4.2.3.
As workaround until WordPress 4.2.3 is available you can only disable Emojis at the moment for maps to also work properly in Internet Explorer.
We am really sorry for this issue, but this is beyond our influence – we already contacted the guys & ladies at WordPress and hope that the fix for the Emoji/SVG bug will be available soon.
Outlook – plans for the next release
Please see the roadmap for a rough schedule for planned features of the pro version and please subscribe to this blog (via RSS or Email) or follow @MapsMarker on twitter (= most current updates) if you want to stay up to date with the latest development news.
|add support for displaying maps in bootstrap tabs|
|optimized install- and update routine script (less database queries needed)|
|3 potential XSS vulnerabilities discovered by Akamai – many thanks for the responsible disclosure!|
In case you want to help with translations, please visit the web-based translation plattform
|updated Norwegian (Bokmål) translation thanks to Inge Tang, http://drommemila.no|
|updated Russian translation thanks to Ekaterina Golubina (supported by Teplitsa of Social Technologies – http://te-st.ru) and Vyacheslav Strenadko, http://poi-gorod.ru|
|Internet Explorer can crash with WordPress 4.2 to 4.2.2 due to Emoji conflict (details) – planned to be fixed with WordPress 4.2.3, workaround until WordPress 4.2.3 is available: disable Emojis|
How to download / update
The easiest way to update is to use the WordPress update process: login with an user who has admin privileges, navigate to Dashboard / Updates, select plugins to update and press the button “Update Plugins”. Alternatively you can also download the current version here, unzip the package and overwrite the plugin´s files on your webserver.