Create WordPress themes with beautiful OOP code and the Twig Template Engine
Details
The vulnerability could be exploited if your website processes user file inputs (like a form upload) or sideloaded images directly with one of the Timber image operations like Resize, Letterbox, Retina, ToJpg or ToWebp without prior checks whether the uploaded files are really images. We couldn’t replicate the vulnerability in a default WordPress installation, where a user uploads files through the media library. But there could be cases where your website might be vulnerable if a user can upload files in another way.
[!IMPORTANT] This vulnerability only exists for websites running on PHP 7.4.
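One way to do the prior check mentioned above before a file path reaches a Timber image operation, as an added example that is not Timber's own code. It assumes the PHP fileinfo extension is available; `is_verified_image()` and the MIME allow-list are hypothetical names chosen for this sketch.

```php
<?php
// Added example, not Timber code. Function name and allow-list are assumptions.
const ALLOWED_IMAGE_MIME = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];

/** True only if $path is a plain local file whose content is an allowed image. */
function is_verified_image(string $path): bool
{
    // Accept plain local paths only; refuse anything shaped like scheme://...
    // before any filesystem function touches it.
    if (strpos($path, '://') !== false) {
        return false;
    }
    if (!is_file($path) || !is_readable($path)) {
        return false;
    }

    // Type comes from the file content, never from the name or client-sent MIME.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false || !in_array($mime, ALLOWED_IMAGE_MIME, true)) {
        return false;
    }

    // The image header must parse and agree with the detected type.
    $info = @getimagesize($path);
    if ($info === false || $info['mime'] !== $mime) {
        return false;
    }
    return $info[0] > 0 && $info[1] > 0;
}

// Constructed sample input: a 1x1 GIF, and a text file renamed to .jpg.
$gif = tempnam(sys_get_temp_dir(), 'img');
file_put_contents($gif, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'
));
$tmp  = tempnam(sys_get_temp_dir(), 'img');
$fake = $tmp . '.jpg';
rename($tmp, $fake);
file_put_contents($fake, "plain text, not an image\n");

foreach (['gif' => $gif, 'fake jpg' => $fake] as $label => $file) {
    echo $label, ': ', is_verified_image($file) ? 'accept' : 'reject', PHP_EOL;
    unlink($file);
}
```

Only pass the path on to an image operation when the function returns true; a file that fails the check should be rejected and deleted rather than processed.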
timber/cache/transient_key filter to cache methods for transient key used for caching (#2878) (b347677)
timber/image_helper/sideload_image/basename filter for sideloaded images basename (e4ff72f)
timber/output/pre-cach filter to $output before it is cached (#2910) (d1356fd)
User::is_current() and User::profile_link() methods (#2924) (b048da8)
$prefs only (99219a9) and (2834fd4)
MenuItem (#2905) (7e00eeb)
acf_get_field_type void errors (441ef9e)
PostIterator::last_post() nullable (#2918) (064dde7)
Timber\URLHelper (#2877) (664ea62)
Full Changelog: https://github.com/timber/timber/compare/2.0.0...v2.1.0
Details
The vulnerability could be exploited if your website processes user file inputs (like a form upload) or sideloaded images directly with one of the Timber image operations like Resize, Letterbox, Retina, ToJpg or ToWebp without prior checks whether the uploaded files are really images. We couldn’t replicate the vulnerability in a default WordPress installation, where a user uploads files through the media library. But there could be cases where your website might be vulnerable if a user can upload files in another way.
[!IMPORTANT] This vulnerability only exists for websites running on PHP 7.4 or lower.
Timber\PostPreview::read_more to accept a boolean value by @gerardo-rodriguez in https://github.com/timber/timber/pull/2578
Full Changelog: https://github.com/timber/timber/compare/1.24.0...1.24.1
Details
The vulnerability could be exploited if your website processes user file inputs (like a form upload) or sideloaded images directly with one of the Timber image operations like Resize, Letterbox, Retina, ToJpg or ToWebp without prior checks whether the uploaded files are really images. We couldn’t replicate the vulnerability in a default WordPress installation, where a user uploads files through the media library. But there could be cases where your website might be vulnerable if a user can upload files in another way.
[!IMPORTANT] This vulnerability only exists for websites running on PHP 7.4 or lower.
Full Changelog: https://github.com/timber/timber/compare/1.23.0...1.23.1
[!WARNING] Important information about Timber v1
With the release of Timber 2.0, we will not work on Timber v1 anymore. Please upgrade to Timber v2 as soon as you can.
In Timber v2, Composer is the only supported installation method. We are unable to continue releasing or supporting Timber as a plugin on WordPress.org. We advise everyone to switch to the Composer based install of Timber 1 as a first step.
For more information and a list of additional resources, please visit this discussion: https://github.com/timber/timber/discussions/2804.
Full Changelog: https://github.com/timber/timber/compare/1.23.0...1.24.0
Timber 2.0 is a big update. There are a lot of breaking changes. You need to thoroughly test your websites in your local development environment before updating your live websites.
You can install Timber 2.0 by following the Installation Guide. When installing Timber through Composer, you need to require the 2.0.0 version:
composer require timber/timber:^2.0
In case you find errors, please open an issue. In case you’re stuck or have questions, create a discussion.
For information on what’s new in Timber 2.0, follow the Upgrade Guide.
Timber 2.0 is not available as a WordPress plugin anymore, but will only be available as a Composer package. If you’re still using the plugin version of Timber 1.0, you might want to switch to the Composer version first. You can find more information about this in the following links:
Here’s what’s changed since the last 2.0.0-rc.1 release. (Full Changelog: https://github.com/timber/timber/compare/2.0.0-rc.1...2.0.0)
master branch to 1.x and made 2.x the default branch.
fields value when returning terms from query by @jrathert in https://github.com/timber/timber/pull/2806
ExternalImage::build() by @jrathert in https://github.com/timber/timber/pull/2818 and @nlemoine in https://github.com/timber/timber/pull/2825
$filters instead of $functions by @niclm in https://github.com/timber/timber/pull/2799
Do you love using Timber for your projects? Consider supporting us by becoming a sponsor. Your sponsorship helps us maintain & improve Timber for everyone! 💚🌲 Join the Timber family today.
This release coincides with the final version to the WordPress.org site. To streamline future support and upgrades, the Timber Team is focused on Composer as the formal release channel.
With the upcoming release of Timber 2.0, we will not release a 2.0 version and beyond as a plugin, but only as a Composer package. We advise everyone to switch to the Composer based install as soon as possible.
Full Changelog: https://github.com/timber/timber/compare/1.22.1...1.23.0
This is the first Release Candidate of the new Timber 2.0 version. Please test this version thoroughly. In case you find errors, please open an issue. In case you have questions, create a discussion.
If you want to stay updated on the next steps, subscribe to Roadmap for Timber 2.0.
You can try out the next Timber version by following the Installation Guide. When installing Timber through Composer, you need to require the 2.0.0-rc.1 version:
composer require timber/timber:2.0.0-rc.1
Here’s what’s changed since the last 2.0.0-beta.2 release. For information on what's new in version 2.0, please see the Upgrade Guide.
Post by @nlemoine in https://github.com/timber/timber/pull/2750
Timber\Term::build() by @gchtr in https://github.com/timber/timber/pull/2754
PostFactory::is_image incorrectly using wp_check_filetype by @stayallive in https://github.com/timber/timber/pull/2730
the_post hook runs twice on each post in a loop by @gchtr in https://github.com/timber/timber/pull/2756
|time_ago didn’t consider timezones correctly by @gchtr in https://github.com/timber/timber/pull/2758
is_local and is_external by @mcaskill in https://github.com/timber/timber/pull/2767
is_local and is_external by @gchtr in https://github.com/timber/timber/pull/2782
Full Changelog: https://github.com/timber/timber/compare/2.0.0-beta.2...2.0.0-rc.1
This is the second beta of the new Timber 2.0 version. A release candidate should follow before summer. If you want to stay updated on the next steps, then subscribe to the Roadmap for Timber 2.0 issue.
You can try out the next Timber version by following the Installation Guide. When installing Timber through Composer, you need to require the 2.0.0-beta.2 version:
composer require timber/timber:2.0.0-beta.2
In case you find errors, please open an issue. In case you have questions, create a discussion.
Here’s what’s changed since the last 2.0.0-beta.1 release.
get_term_link() compatibility in Timber\Term by @mcaskill in https://github.com/timber/timber/pull/2701
can_edit() permission checks for Term, User, Comment and Menu classes by @gchtr in https://github.com/timber/timber/pull/2676
AllowDynamicProperties attribute by @mcaskill in https://github.com/timber/timber/pull/2698
Timber\Request class by @gchtr in https://github.com/timber/timber/pull/2683
Term::get_term_from_query() function by @gchtr in https://github.com/timber/timber/pull/2664
Timber\Image::is_image() method by @gchtr in https://github.com/timber/timber/pull/2669
Full Changelog: https://github.com/timber/timber/compare/2.0.0-beta.1...2.0.0-beta.2
Full Changelog: https://github.com/timber/timber/compare/1.22.0...1.22.1
This resolves issues with a prior deploy of 1.21.0 to WP.org by correctly targeting the versions of Twig and PHP.
Full Changelog: https://github.com/timber/timber/compare/1.21.0...1.22.0