Call for Testing: Jetpack 13.3

Jetpack 13.3 is available now for testing and the download link is available here

Jetpack 13.3 will be deployed to VIP on Wednesday, April 17, 2024*. The upgrade is expected to be performed at 17:00 UTC (1:00PM ET).

*This deployment date and time are subject to change if issues are discovered during testing of the Jetpack release.

A full list of changes is available in the commit log.

What is being added or changed?

Enhancements

  • AI Assistant: Provide per-block quick actions to make them more relevant.
  • Blocks: “Earn” category renamed to “Monetize”.
  • General: Only show installation errors on Plugins page.
  • Jetpack AI: When the response includes a title and post title is empty, use provided title as post title.
  • Member login block: Add ability to hide manage subscription link.
  • My Jetpack: Trigger red bubble notification when a broken installation is detected.
  • Newsletters: Display Email settings on Newsletter settings page.
  • Newsletters: Ensure blog stats and top posts blocks do not render in email newsletters.
  • Newsletters: Reorder settings cards to improve hierarchy.
  • Newsletters: Use radio buttons instead of toggles on Email Settings.
  • Sharing: Add a Bluesky sharing button.
  • Sharing: add a Threads sharing button and a Threads sharing button block.
  • Sharing: Add Native (Web Share) button to Sharing Buttons block.
  • Sharing: Remove Like button from master bar.
  • Social: Add support for an SMS button.

Improved compatibility

  • Carousel: disable WordPress’ lightbox option when Jetpack’s Carousel feature is activated.
  • General: Remove methods that were deprecated before the release of Jetpack 10.0, in 2021.
  • SEO Tools: make the feature available on non-connected sites.
  • Subscriptions: Remove subscription settings from reading options page.

Bug fixes

  • Dashboard: Update the sharing button settings to clarify the available options (block or legacy sharing buttons).
  • Enhanced Distribution: begin deprecation process as the Firehose is winding down.
  • Paid Content Block: Fix subscriber view content not rendering in WordPress.com reader.
  • Sharing: avoid PHP warnings when using custom post types.
  • Sharing: fix the display of the sharing block in some classic themes.
  • SSO: Disable WordPress.com invitation functionality for non-connected users.

What do I need to do?

We recommend the below:

  1. Installing the release on your non-production sites using these instructions.
  2. Running through the testing flows outlined in the Jetpack Testing Guide.

As you’re testing, there are a few things to keep in mind:

  • Check your browser’s JavaScript console and see if there are any errors reported by Jetpack there.
  • Use Query Monitor to help make PHP notices and warnings more noticeable and report anything you see.

Questions?

If you have any questions, related to this release, please open a support ticket and we will be happy to assist.

WordPress 6.5.2 Maintenance and Security Release

Note: Due to an issue with the initial package, WordPress 6.5.1 was not released. 6.5.2 is the first minor release for WordPress 6.5.

This security and maintenance release features 2 bug fixes on Core12 bug fixes for the Block Editor, and 1 security fix.

Security backports were deployed for other major WordPress releases.

WordPress 6.5.2 is a short-cycle release. The next major release will be version 6.6 and is currently planned for 16 July 2024.

If you have any questions related to this release, please open a support ticket and we will be happy to assist.

Now Available: WordPress 6.5

WordPress 6.5 has been released. In keeping with WordPress version numbering convention, 6.5 is a major release.

WordPress 6.5 brings a number of enhancements, including:

  • Usability and performance updates to both the Site Editor and Post Editor
  • New APIs for greater development flexibility
  • Opt-in design tools for Classic Themes
  • All-new Font Library to manage fonts across the site

Learn more about the highlights of WordPress 6.5.

For more details about this release (including specific changes), please see the announcement post and Field Guide.

Questions?

If you have any questions related to this release, please open a support ticket, and we will be happy to assist.

Warning: VIP Dashboard Phishing Attack

Individuals have maliciously created fake but realistic-looking copies of the VIP Dashboard login screen. The screens aim to trick VIP customers into entering their genuine authentication credentials for GitHub or WordPress.com. This is a criminal technique known as “phishing”.

We include advice below on how to protect yourself and what to do if you may have fallen victim to this attack.

What to do if you suspect you have fallen victim to phishing for the VIP Dashboard

Hackers are experts at social engineering and trying to gain access to computer systems. Sometimes accidents happen, and the most important thing is to take immediate action to limit any damage they can do. The VIP team is here to help you if you are affected.

If you suspect you have fallen victim to these phishing attempts then please take the following steps.

  • Stop using the suspect website and do not enter any more information into it.
  • Raise an urgent ticket with our team as soon as possible. This will allow us to swiftly secure your account by resetting your login details and taking any additional necessary measures to protect your data and our systems.

Contact VIP’s Support team by creating a Zendesk Support ticket using one of the following methods:

Zendesk

Log in to the WordPress VIP Zendesk portal at wordpressvip.zendesk.com (carefully check the website address). Mark your ticket as urgent.

VIP Dashboard

  1. Access the VIP Dashboard at dashboard.wpvip.com (again, carefully check the website address)
  2. Select the button labeled “Help Center” located in the upper-right corner
  3. Select the tab labeled “Support”
  4. Mark your ticket as urgent

WordPress Admin Dashboard

  1. Access your WordPress Admin dashboard
  2. Select “VIP” from the left hand navigation menu of a site’s WordPress Admin dashboard. 
  3. Complete the fields in the form titled “Contact WordPress VIP Support”
  4. Mark your ticket as urgent
  5. Select the button labeled “Send Request“.

If you have provided any GitHub or WordPress.com login details on the phishing site, you will also need to immediately reset your GitHub credentials. We are unable to do this on your behalf, but we are happy to advise in the ticket. GitHub provides details on how to reset credentials in their Updating access credentials documentation.

How to protect yourself

When possible, use a known, safe way to access the VIP Dashboard: Access the VIP Dashboard either directly at this URL: https://dashboard.wpvip.com/ OR by a bookmark that uses that URL. Do NOT access the VIP Dashboard by searching through a search engine such as Google and clicking a link in the results.

Verify you are accessing the genuine site: When authenticating, carefully check the location in the browser to be sure that the domain exactly matches dashboard.wpvip.com.

Be wary of links in messages even if from a known contact: If a colleague or known contact sends you a link, hover over that link and carefully inspect that the domain is dashboard.wpvip.com before clicking it. Be especially wary of any email or message that creates a sense of urgency to log in, particularly if you are then required to authenticate.

Use a password manager: Password managers will check the website domain for you and fill in access details only if this check passes. Password managers also allow you to use very long complex passwords without requiring you to remember them. Password reuse should always be avoided; if you have used the same password on other sites, please go and reset it there as well, picking a unique password for each site.

Activate Multi-Factor Authentication (MFA) everywhere possible: The VIP Dashboard will enforce a final MFA check for all authenticating users, unless your organization uses our single sign-on (SSO) feature. We strongly recommend all your users configure MFA on their GitHub (GitHub MFA documentation) and on WordPress.com (WordPress.com MFA documentation) accounts if they have not done so already.

More advice is available in our documentation here: Security recommendations for users.

PHP 8.2 Update Timeline

Security support for PHP version 8.1 will end on November 25, 2024. As part of VIP’s continued focus on your application’s security, we are committed to ensuring all customers have updated to PHP 8.2 ahead of this date.  Below, you will find VIP’s PHP update timeline.

If customers have not updated their environments by the dates outlined, VIP will update the environments on the customer’s behalf. Please note that any updates made by VIP could result in issues if the proper customer testing has not been completed. If issues arise, we’ll do our best to assist where we can, but ask that you please test and deploy the update ahead of this schedule, to avoid any interruptions. This update cannot be deferred, and VIP is here to support you and your team as you work toward it.

VIP Timeline For Environments Not Yet On PHP 8.2

Tuesday, October 29, 2024
VIP Updates Non-Production Environments to PHP 8.2
VIP will begin updating all non-production environments that are not yet on PHP 8.2. We are proceeding with non-production environments first to provide customers time to address any issues that arise as a result of the update, before updating production environments.

Tuesday, November 12, 2024
VIP Updates Production Environments to PHP 8.2
VIP will begin updating all production environments that are not yet on PHP 8.2. After this date, working with your teams on post-update issues will be the priority. 

Earlier PHP Version Options Removed
The option to select PHP version 8.1 will be removed from the software management tool

Monday, November 25, 2024
PHP 8.1 End of Life
Security support for PHP 8.1 ends.

Let VIP Do The Heavy Lifting!

Instead of the do-it-yourself approach, focus on your key priorities while our experienced staff manage, validate, and implement your PHP update for you with the specific needs of your applications in mind. Maximize your team’s resources, improve site stability, and unlock peace of mind with our Upgrade Assurance Service. This is a popular new service that we offer, for both WordPress and PHP updates, so we recommend securing your spot early. If you’re interested in learning more, please connect with your Relationship Manager, or reach out to our Support Team.

Helpful Resources

Support
VIP is here to help along the way, and our Support team is always available to answer questions as you and your team work through the update. Please don’t hesitate to reach out if you need assistance.

Tooling
Your application’s software versions can be managed directly by you in the VIP Dashboard.

Documentation
We have helpful documentation available to guide you through preparing your application code for a PHP update.

PHP 8.3 is available!

In case you missed it, VIP announced the availability of PHP 8.3, in December 2023. We strongly encourage your team to stay ahead of the PHP update curve, and begin testing and updating to PHP 8.3 this year. 

Future PHP End-of-Life Dates

To better plan for the road ahead, please be aware of the current security support end-of-life (EOL) schedule for the following PHP versions. These dates are pulled from the official PHP schedule, here. VIP will continue to post to the Lobby with our updated timeline for each year, which will likely follow the same outline as shared above, wrapping up roughly 2 weeks ahead of the PHP date.

PHP Update Timelines

Deprecated PHP VersionVIP Version Update CompletePHP Security Support EOL
8.1November 12, 2024November 25, 2024
8.2November 24, 2025*December 8, 2025
8.3November 9, 2026*November 23, 2026
*Date is tentative

Parse.ly Plugin 3.14: New Release and Default Version

We are delighted to announce that the Parse.ly plugin version 3.14 will become available in VIP staging and production environments on Tuesday, March 12, 2024. Before using it in production, we recommend testing the new release in staging.

This release will become the default in production on Tuesday, March 19, 2024, and all non-pinned environments will be auto-upgraded to this version. These changes do not affect customers who don’t use wp-parsely, or use an integration method outside of mu-plugins.

What’s new

  • The new smart linking feature can automatically embed related links within a block or an entire post. It uses Parse.ly AI to identify the most relevant and high-performing content on your site, and automatically embeds them as links in the post. Not only does this save you time otherwise spent finding related content, but embedded links improve recirculation and increase traffic and engagement across your site. This feature is entirely opt-in, as are all our other AI features.
  • The new option to use full metadata for non-posts helps Parse.ly customers see metadata for non-posts in their Parse.ly dashboard. For questions or support on this new capability, please contact support@parsely.com.
  • New and improved look for the Content Helper! In the last few months we’ve introduced several pre-publishing tools that are powered by AI, and with this release we are making it easier for you to publish faster in one view, and see how your work is performing in another view. Our goal is to simplify and streamline your experience in the WordPress block editor so you can work more efficiently, and we hope this updated user interface will help with that!
  • To complement all this work, we made internal changes to enable our use of the latest version of the Parse.ly AI API, which should improve the quality of suggestions and also allow for additional features in the future.

Important Update: Changes to Email Sending Policy for Your VIP Applications

As part of our ongoing commitment to maintaining robust and secure email-sending practices, we want to communicate an important policy update that will affect how your applications send emails.

New Requirement: Domain Mapping and Verification 

To ensure the integrity and deliverability of emails sent from applications hosted on WordPress VIP, it is now mandatory for all sending domains to be verified and mapped through the VIP Dashboard. A domain must be mapped to the environment from which the emails are sent. Mails sent from unmapped and unverified domains will soon be rejected. 

For detailed guidance on mapping and verifying your domains, please visit: https://docs.wpvip.com/domains/verification/

Requirement: Domain SPF, DKIM, and DMARC DNS Configuration

As explained in previous communications (listed below), the primary changes required for email deliverability are the configuration of SPF, DKIM, and DMARC DNS records for each mapped & verified domain being used to send emails on VIP.

Phasing out: Header Rewrites

Up to now, for emails sent from your VIP environments using unmapped domains, we  have been rewriting the “FROM” header to `donotreply@wpvip.com` as a temporary measure. This was intended to provide some leeway while transitioning to the new requirements. However, to align with best practices and improve service standards, this will be phased out according to the following schedule:

  • Starting March 5 2024: Email sent from non-production VIP servers with unmapped domains  will be rejected.
  • Starting April 1 2024: We will extend this policy for all production environments, rejecting all email from domains that are not correctly mapped to VIP.

Action Required

To avoid disruption to your outgoing email, please ensure that you complete domain mapping and verification , as well as any required DNS security changes before the above-stated deadlines. 

Support and Questions

We understand that this policy update may require you to make specific changes to your current setup. Our team is fully prepared to assist you with a smooth transition. If you have any questions or need support, please feel free to open a support ticket, and we will be happy to help.