8.4.1 – 2024-03-21 – Timothy Jacobs, Lisa Canini, Jared Hill
Security: Fix a Google reCAPTCHA v3 bypass.
Important: “Automatic (Insecure)” IP detection has been removed. Read more: https://go.solidwp.com/firewall-features-not-available
Tweak: Block repeated session hijacking attacks from the same device even if the user has not specifically blocked the attacker’s device. Previously, subsequent attacks after the first block would have their capabilities reduced.
Tweak: Remove the “Accept-Language” and “DNT” header from the list of sources for Trusted Devices.
Tweak: The Updater library has been updated to 1.8.4. The list of Patchstack licensed domains have been removed from the SolidWP licensing page.
Bug Fix: Fix the Trusted Devices “Approve” link in Outlook mail clients.
Bug Fix: The “Privilege Escalation” tab would not appear in a user’s profile unless Passwordless Login was enabled.