• Resolved francoc30

    (@francoc30)


    Hi,
    I have not enabled Auto-Update for all my plugins, including Ninja Form. But somehow Ninja Form updated itself for version 3.6.11 from 3.6.10 in both my production and dev sites. What has changed? How can I prevent it from happening again?
    None of my other plugins auto-updated.

Viewing 15 replies - 1 through 15 (of 16 total)
  • This also happened to me. Has Ninja Forms pushed an update for security reasons or something? Not seeing any communication about it.

    Same thing here, lots of sites auto updated.
    I have never enabled Ninja Forms auto updates.
    Do we need to configure/change anything to prevent this from ever occurring again?

    Same for me, i’ve been surprised to receive an auto-update notification. I hope it’s not a security issue.

    Same issue, downgraded to 3.6.9 to be able to have HTML in labels (another bug / issue). But is force upgraded to 3.6.11.

    Looks like a forced update from the WordPress.org/Plugins/Security team:

    In extreme situations, the Plugin Review Team and the WordPress Security Team may determine a plugin issue is great enough that it must be updated for all users. This is exceptionally rare, as the potential for conflicts is high.

    https://developer.wordpress.org/plugins/wordpress-org/plugin-security/#automatic-plugin-security-updates

    All the best
    Torsten

    I have the same problem. In my case, it’s upgrading to 3.5.8.4

    The updates are for every version which has changed the required WP version to let nobody left out without a fix. Just look at the changelog and the term ” * Apply more strict sanitization to merge tag values” and you see every version affected:
    https://wordpress.org/plugins/ninja-forms/#developers

    All the best
    Torsten

    @zodiac1978 I uploaded a php file that contains
    add_filter( 'auto_update_plugin', '__return_false' );

    to wp-content/mu-plugins then restored a backup
    I hope that’s an adequate workaround.

    This will prevent “even forced security pushes from the WordPress security team”. For a rollback this is okay, but you only should disable these kind of updates if you monitor your site on a daily basis and know what you do.

    See https://wordpress.org/support/article/configuring-automatic-background-updates/#plugin-theme-updates-via-filter for details.

    Plugin Support curtisbrownlee

    (@curtisbrownlee)

    Apologies for the surprise update. We’ll be posting more detailed information on our blog soon. We recently patched a potential security vulnerability that required updates to all recent branches of Ninja Forms. Due to that requirement, we needed to run the update through the WordPress plugin team to secure branches prior to 3.6.

    If you’re currently experiencing issues with HTML in-field labels, this is a side effect of recent security work. We’re working on reenabling that now and should have a (voluntary) update available to correct in a few business days’ time. We’re very sorry for the inconvenience, but thank you for your patience.

    Brian

    (@briansteeleca)

    3.6.11 has broken my form – even a simple contact form won’t load.

    I’m getting the following JavaScript error:
    https://share.getcloudapp.com/5zurwvGO

    I’ve tried disabling all other plugins and it’s still failing.

    Is anyone else having this issue?

    Brian

    (@briansteeleca)

    The problem was a duplicate variable name introduced by Ninja Forms and also used in my theme.

    David’s post solved the issue for me. This may or may not work for you depending on what plugins/theme you use.

    I spent hours with my hosts tech support trying to figure out how this plugin was being auto-updated even though it wasn’t enabled. This article explains why WordPress forced the update. I could have saved a lot of time if Ninja Forms support team told me in their response rather than making me search for it on my own.

    • This reply was modified 2 weeks, 3 days ago by Brian.

    Since the update, all radio buttons appear twice below each other: a small radio button, above it a larger radio button. This makes the contact form very unattractive. Will this also be fixed soon?

    dajanas

    (@dajanas)

    When will this be fixed?

    Plugin Contributor Justin McElhaney

    (@jmcelhaney)

    I’m sorry to hear you are experiencing this. This update was pushed due to a security issue. https://ninjaforms.com/blog/security-update-june-2022/

    Can you update your Ninja Forms plugins to their latest versions and let me know if you continue to have issues?

    If you are still seeing issues, can you contact our official support (https://ninjaforms.com/contact) so we can take a closer look at your issue?

Viewing 15 replies - 1 through 15 (of 16 total)
  • You must be logged in to reply to this topic.