WooCommerce 4.1.1 Security and Fix Update

On May 20 WooCommerce released a new update to fix some small security vulnerabilities and found bugs.

Fixes and enhancements

• Added notice about public uploads directory.
• Disallow directory listing in woocommerce_uploads when «Redirect only» is the selected download method.
• Added correct handling of nonces to database update notice dismissal.
• Updated WooCommerce admin version to 1.1.3 and Action Scheduler to 3.1.6.
• Add prop isEnabled and a function to dynamically enable tracks.

WooCommerce Admin

• Onboarding: Add Jetpack flow back to onboarding profiler.
• Respect tracking opt-in before new page load.

ActionScheduler

• Shutdown deprecated notice changed to a warning when as_* functions called without data store initialization.

Remember to create a backup before installing udpates.

(Picture courtesy of Yuri Samoilov)