Share
For the release of Avada 5.7.2 we have fixed an XXS security issue about Avada versions 5.7.1 and below. The fix is for the bootstrap JS libraries that are used in Avada and is listed in our Changelog and also disclosed in our Important Update Info help file.
We recommend to keep your theme up to date and maintained at all times. It’s best to use auto updates and to also keep an eye on the Avada Patcher tool as we typically issue fixes and improvements within a short space of time without the need for a complete theme update.
Like WordPress and any entity that develops software, we understand that security is not absolute. It’s a continuous process and should be managed as such. We do our best to be as proactive as possible in preventing security issues, and we do not assume they’ll never come up. Our job is to quickly take care of them and work to get our customers notified and prepared. The description of the security issue identified and fixed is listed below:
Our development team was alerted to and thereby took action to check and verify the bootstrap vulnerability. Once accurately verified, our team took steps to apply the fix to Avada 5.7.2, which has been released. Confirmation of the changelog release that lists out the security fix, can be found here: Avada Changelog
What Should I Do Next?
We cannot stress enough the importance in making sure that your install is updated and maintained at all times. To ensure that your theme installation is issue free and the fix detailed above is applied, please update. These are our detailed update instructions:
It is also important to ensure that any patches our team releases between update cycles are applied as part of ongoing maintenance for your installation and that you always clear your cache plugins after an update.
Patches are applied at the click of a button as explained in our Avada Patcher help file.
Thank you to Morten Dalgaard for his dedication and communication, which benefits both Avada and the wider community as a whole.