If you use WP Super Cache to speed up your site, update to the latest version as soon as possible to patch critical security holes. The latest v1.4.5 update fixes a XXS vulnerability and prevents PHP object injections, among other bug fixes and enhancements. Here’s the complete changelog:
- Enhancement: Only preload public post types. Props webaware.
- Added an uninstall function that deletes the config file. Deactivate function doesn’t delete it any more.
- Possible to deactivate the plugin without visiting the settings page now.
- Fixed the cache rebuild system. Rebuild files now survive longer than the request that generate them.
- Minor optimisations: prune_super_cache() exits immediately if the file doesn’t exist. The output of wp_cache_get_cookies_values() is now cached.
- Added PHP pid to the debug log to aid debugging.
- Various small bug fixes.
- Fixed reset of expiry time and GC settings when updating advanced settings.
- Removed CacheMeta class to avoid APC errors. It’s not used any more.
- Fixed reset of advanced settings when using “easy” settings page.
- Fixed XSS in settings page.
- Hide cache files when servers display directory indexes.
- Prevent PHP object injection through use of serialize().
Again, update this plugin as soon as possible.