I wanted to give you a quick update on our progress with the Patchstack report analysis. Our team has been doing a deep dive into the findings, and I have some clear results to share:
Gravity Forms: We have confirmed this is a false alarm. Our investigation (and coordination with our partners) shows that Gravity Forms is not vulnerable, despite what the initial report suggested.
During our internal audit of the report, we identified a specific edge case involving The Events Calendar. While it wasn’t the main focus of the report, we are going to address it. We are already working on a fix, and a new update will be released shortly.
Once the update is out, we will coordinate with Patchstack to ensure the report reflects that everything is fully patched.
It’s also important to note that this vulnerability is marked as Low Priority by Patchstack, so your site remains secure while we finalize the update.
I’ll keep you posted!
Kind regards, Plamen, Head of Customer Experience and Support
Hi @phristanov, thanks for your feedback. However, I think you might be addressing a different issue here; we are talking about the NitroPack plugin itself and not Gravity or The Events Calendar, as you can see in the link below. It is the NitroPack plugin. Do you have any update on this?
We have officially released the new version of NitroPack, which addresses the security report. The update has been fully reviewed and approved by Patchstack, and they will be updating the public report too to reflect that the issue is resolved in this latest version.
How to update:
Automatic/Manual Update: You can now update the plugin directly through your WordPress dashboard. We recommend this as the easiest way to ensure you are on the latest version.
Thank you for your patience while we worked to ensure the report was fully addressed.
Please let me know if you need any assistance with the update!