2.5.14 was released today, with two adjustments:
- A bug was discovered in the mixed content fixer, where a match was found on http links across html elements when newlines were removed by optimization plugins. If a link element was found, but the href was https, it would match the first href=”http, which could be an external hyperlink.
It didn’t come up before, as it only causes an issue in a very specific set of conditions.
- The wp_rest_api was not forced over SSL yet with PHP. Although the .htaccess redirect should redirect any requests to https, NGINX servers won’t be able to use this. This has now been adjusted.