Toolset Types 3.4.18 – Minor Security Update


March 9, 2023

We’ve just released Toolset Types 3.4.18. This release addresses a minor security issue, as well as a warning issue related to PHP 8.

The security issue fixed in this version is related to file imports, where files were not properly removed after a failed import. This issue is minor because it could only be performed by an administrator user.

If your server’s control panel (i.e. Plesk) or security plugins have flagged Toolset Types 3.4.17, there’s no need to worry. As mentioned, it’s more of an annoyance than a security risk and can be easily fixed by updating to the latest version.

Additionally, we fixed an issue with a warning about private final methods on PHP 8.

How To Update Your Site?

Toolset Types 3.4.18 has been released to all sites already and you should see the update on the Plugins page in the WordPress admin.

If by any chance you don’t see it there, go to Plugins Add new and click the Commercial tab. On the page that loads, click Check for updates and then update Types to 3.4.18.

Of course, if you want to update manually, you can also download Toolset Types 3.4.18 from your account’s Downloads page.

Comments? Feedback?

Leave us a comment below if you have any questions or concerns.


Comments 6 Responses

  1. Hi Dario,
    Effectively, I’ve been warned by Wordfence that there was a vulnerability issue with the previews Types version.
    Thanks for proposing this evolution, but I don’t understand why this is not managed automatically (as normally, new version are downloaded with the WordPress update process). As it is for security, I was hoping that this could be updated by this way but it seems this is not the case as I need to do it and log in all sites to make it.
    Any idea?

    • Hi, Pat! Sorry for the late reply, we had some issues with the comment notifications.

      About the releases… This release has been immediately sent to 100% of the sites using Toolset. So, the only delay there that could happen is that it takes up to 24 hours for this change/update to be propagated to all the sites.

      So, if in the announcement we said we released a version to all clients, you will be able to get the update through the WordPress update process. If you don’t see it, check again after a few hours, but in 24 hours you should definitely see it. If not, please contact us.

      However, please note that this is different for Toolset releases that we release in batches. For example, we might release it only to %10 of the sites. This is to make sure the release is bulletproof and doesn’t cause any issues (if any big issues are reported we can pause the release and fix them). So, when we release Toolset gradually, you will not see the update via the WordPress update process until the release hits 100% of sites (i.e. we release it to everyone). However, you can force this manually by going to Plugins > Add New page, then Commercial tab and finally clicking “Check for updates” button.

  2. FYI, I got an email from Wordfence this morning and they are still publicizing this as “unpatched.”

    • Hi, Susan! Sorry for the late reply, we had some issues with the comment notifications.

      Thanks for letting us know. I think this should definitely be resolved by now. Let us know if it’s not. Thank you!

    • Hi, Alan! Sorry for the late reply, we recently had some issues with comments notifications.

      Thanks for pointing this out and sorry for the confusion. I just update the post to add the bit about the PHP 8 warning, it’s this:
      – We fixed an issue with a warning about private final methods on PHP 8.