Skip to main content

Pantheon release notes

Your destination for staying informed about our latest innovations and product updates.
February 27, 2024

We've recently modified the Pantheon wrapper around the WP-CLI executable to solve a number of interrelated issues that customers may have previously been experiencing and/or using workarounds to solve. We recommend reviewing your site's logs and resolve any PHP notices or warnings.

Problem

  • Our WP-CLI wrapper included a hard-coded --url flag for all wp commands run on the platform (via Terminus, e.g. terminus remote:wp or terminus wp, or internal workflows that relied on WP-CLI like flushing cache or viewing the Status page in the dashboard).
  • For WordPress Multisites, the hard-coded --url flag pointed to the Pantheon platform domain (*.pantheonsite.io) instead of the actual domain of the site resulting in errors and the command failing unless executed manually (via Terminus with the correct --url flag attached).

Solution

  • We have implemented a solution that checks if a site is a WordPress Multisite. If so, we remove the hard-coded --url flag, allowing WP-CLI to operate normally.
  • This change does not affect workflows that are properly passing the --url flag to WP-CLI commands via terminus (e.g. terminus wp <site>.<env> -- plugin list --url=<url>). Any WP-CLI flags passed after the -- in the terminus wp command will be passed through to and interpreted by WP-CLI.
  • This change means that many sites that were previously unable to view their full Status page will now be able to do so, and flushing site cache via the button in the Pantheon dashboard on sites that previously were unable to or had errors in doing so should now work as expected. Any other workflows or processes that relied on WP-CLI will also benefit from this change.

Recommended action

This change may also expose PHP notices and warnings that were previously being hidden due to WP-CLI failing commands. We recommend reviewing your site's logs and working to resolve any PHP notices or warnings that you see.
February 21, 2024

The latest versions of PHP 8.x are now available on the Pantheon platform. PHP 8.1.27, 8.2.16, and 8.3.3 are all bug fix releases. No action is required on your part if you are using one of these PHP versions (8.1, 8.2 or 8.3).

February 20, 2024

We're thrilled to announce the availability of WP-CLI v2.10.0 on the Pantheon platform.

WP-CLI is easily accessible for any WordPress site on Pantheon through our CLI, Terminus. Manage your WordPress installations efficiently with the power of WP-CLI at your fingertips.

Highlights

  • New i18n "make-php" command: This new command lets site owners take advantage of WordPress Core's "Performant Translations" project even before it is released with WordPress Core.
  • Adds minor and patch limitations to theme updates: Now, like plugins, themes can be updated only to their latest minor or patch releases
  • Bug fixes: WP-CLI 2.10.0 fixes "a lot of small and not so small bugs" with more than 200 pull requests merged.

For those who love diving into the details, we encourage you to explore the detailed WP-CLI changelog.

January 31, 2024

The latest version of WordPress, 6.4.3, became available on Pantheon as of January 30, 2024.

Highlights

  • Security updates: Addressed two security vulnerabilities, including a PHP file upload bypass (limited to administrators), and a object injection mechanism that could be used to exploit an existing Remote Code Execution (RCE) vulnerability. Since this release fixes security vulnerabilities, users are urged to upgrade their sites immediately. For a detailed analysis of the two security patches, see this article from Patchstack.
  • 5 bug fixes in Core
  • 16 bug fixes in the Block Editor

Upgrade to WordPress 6.4.3 right from your Pantheon dashboard or Terminus for added security.

January 25, 2024

As we embark on a new year, we're excited to unveil a transformation. This January marks the introduction of Pantheon release notes, a rebranding of our changelog. Our aim is to elevate your platform experience by providing even more valuable insights into product updates.

What's new?

  • Enhanced visibility: Discover our improved interface with added tags to each release note, indicating their category and whether action is required. This feature ensures quick insights at a glance, making your navigation smoother.
  • Filter functionality: Explore the convenience of our newly integrated filter functionality, allowing you to tailor your release note view based on specific tags. This feature ensures you get information that's most relevant to you.

What’s coming up?

Get ready for a streamlined and more dynamic experience with Pantheon release notes. We're committed to keeping you in the loop every step of the way, ensuring you stay informed about the latest.

  • Frequent updates: Say goodbye to waiting for a monthly summary. We're shifting from the monthly retrospective model to publishing a release note for each significant update, providing you with real-time information.
  • Proactive communication: This change supports more proactive communication. Now, any noteworthy change will be marked here, complementing other channels like blog posts and emails.

What lies ahead?

This is just the beginning! Stay tuned for more enhancements down the road as we continue to refine and elevate your Pantheon experience.

We appreciate your continued support and look forward to a year filled with collaborative success.

January 24, 2024

We're thrilled to announce the availability of WP-CLI v2.9.0 on the Pantheon platform.

WP-CLI is easily accessible for any WordPress site on Pantheon through our CLI, Terminus. Manage your WordPress installations efficiently with the power of WP-CLI at your fingertips.

Highlights

  • Enhanced PHP 8.2 support: This release is dedicated to refining support for PHP 8.2, the recommended version on Pantheon.
  • Optimized compatibility with WordPress 6.4: We've worked to guarantee seamless compatibility, providing you with the best performance and features available.
  • Introducing "wp config is-true" command: Our Pantheon engineers have introduced the new "wp config is-true" command. Specifically designed for shell scripting, this command improves WP-CLI functionality and is already integrated into some of our automation processes.
  • Bug fixes: Although primarily a compact release, WP-CLI v2.9.0 brings a significant impact with crucial bug fixes to enhance usability.

For those who love diving into the details, we encourage you to explore the detailed WP-CLI changelog.

January 23, 2024

The latest version of WordPress, 6.4.2, became available on Pantheon as of December 6, 2023.

Highlights

  • Security updates: Addressed a Remote Code Execution vulnerability. While not directly exploitable in Core, its potential severity was recognized, especially when combined with certain plugins, particularly in multisite installations.
  • 7 bug fixes in Core: Resolved an issue causing inconsistencies in stylesheet and theme directories.

Upgrade to WordPress 6.4.2 right from your Pantheon dashboard or Terminus for added security.

January 22, 2024

Pantheon has seamlessly integrated the Drupal 7.99 release, packed with bug fixes and exciting feature enhancements.

Highlights

  • Menu link enhancement: "Parent link" in new custom menu creation is now limited to the current menu, simplifying the process. Editing still allows access to links from other menus, enabling easy relocation.

  • New Drupal 7 hook: Introduced a new “hook_field_schema_alter()”, providing additional flexibility for schema alterations.

  • Security improvement for failed logins: Error messages after a failed login now include a password reset link without disclosing the username, enhancing security by preventing unintended disclosure to third-party services.

Elevate your Drupal 7 experience by applying these updates directly from your Pantheon dashboard. If you would like to delve into specifics of this release, please explore on drupal.org.

December 1, 2023

We're thrilled to announce an impactful upgrade to Pantheon's security infrastructure, reinforcing our commitment to safeguarding your websites. In response to the escalating sophistication of distributed denial-of-service (DDoS) attacks, we've implemented innovative solutions to fortify our defenses. Particularly, we've addressed a surge in Layer 7 attacks targeting content management systems, ensuring resilience even without our Advanced Global CDN's Web Application Firewall (WAF).

Key benefits:

  • Advanced DDoS protection: Our engineers have proactively countered Layer 7 attacks, mitigating risks posed by inauthentic traffic targeting web content management systems.
  • Rate limiting capabilities: We've introduced rate limiting capabilities within our Global CDN, curbing abusive traffic effectively. This ensures a stable online presence, even during large-scale attacks, preventing wider stability issues.

For more in-depth insights into the measures we've taken and the value they bring to your Pantheon experience, delve into the full blog post. Your website's security and stability are our top priorities, and this enhancement is another step in our ongoing commitment to delivering a robust WebOps platform.

December 1, 2023

Introducing proactive alerts tailored for directories with substantial file counts, which could impact performance or accessibility. Stay informed with timely notifications delivered directly to your dashboard and via email when file counts reach 50,000 and 100,000. This feature empowers you to efficiently manage your file system and address potential issues promptly.

December 1, 2023

The Pantheon Drupal Starter Kit for Front-End Sites has undergone significant improvements.

  • Setup experience: The setup process is now more user-friendly and guided for a seamless experience.
  • Health check script: The newly introduced health check script alerts you to known configuration issues before a build fails.
  • Front-End Sites settings: Effortlessly navigate through the Settings page, simplifying the testing of your preview endpoint, and allowing convenient copying of environment variables for use in the Front-End Sites Dashboard.

Curious about creating a new Drupal project with these enhancements? Find detailed instructions here.

For further insights and discussions on similar sites, join the #front-end-frameworks Slack channel.

December 1, 2023

We've enhanced your site management experience by enabling the ability to delete Multidevs directly from your Front-End Sites dashboard. This upgrade simplifies project organization, providing you with a seamless process to remove unnecessary Multidevs.

This intuitive addition streamlines site management, offering a hassle-free solution to keep your projects organized and optimized. Find detailed instructions here.

November 1, 2023

The WordPress Native PHP Sessions plugin added primary keys to its custom tables in 1.2.2 for greater performance and redundancy, but did not upgrade existing sites. Now, version 1.4 includes an optional upgrade command for sites that installed the plugin prior to the 1.2.2 release.

Our open source WordPress Native PHP Sessions is available in the WordPress.org plugins repo.

November 1, 2023
  • As part of Pantheon’s commitment to accessibility, diversity, and inclusion, we are proud to announce that we have completed an external audit of our platform’s accessibility features and the results are available in our WCAG 2.1 AA VPAT.
  • Our teams have ongoing efforts to improve accessibility further and have outlined goals to improve our support of WCAG 2.1 AA criteria for the next two quarters.
  • Our partners and customers who depend on WCAG compliant products can confidently continue to use the platform knowing that we hold accessibility to be an important function of the services we provide.
November 1, 2023

Administrators of large workspaces will now be able to easily remove access for offboarded users at scale. When a member of your team changes jobs, or for whatever reason you need to remove a person from your sites, you can now do so faster

As you remove users from your workspace or site team, you will be prompted to remove access across all sites that a given user may be connected to, which can save multiple clicks and manual labor to ensure the right access levels are maintained.

To learn more about how this new offboarding process works, take a look at our documentation.

November 1, 2023

Pantheon introduced a new build pipeline for Front End Sites to significantly improve build times. Beginning on November 13th, 2023, newly created sites are automatically using the new pipeline and cannot opt back to the old pipeline. Sites made prior to that date can opt-in to the new pipeline to take advantage of the new features. All pre-existing sites that do not opt-in will be switched over for new builds on or around January 15th.

Additionally, we are adding support for Node 18 (for dynamic sites) and 20 (for both static and dynamic sites). To select a specific version, Pantheon is moving away from using .nvmrc and will instead look to the “engines” field in your project’s package.json file.

To find out more about adopting the new pipeline, check out our documentation, and read our blog post about how we’re already experiencing the benefits of this internally at Pantheon.

November 1, 2023

The File System team at Pantheon achieved significant speed improvements in backup processes. The Valhalla export process was overhauled, allowing backups to be constructed from new objects, cutting down export times by 25-83%. This was accomplished by initiating object retrieval immediately after receiving MANIFEST metadata, omitting empty files, and promptly archiving received files.

November 1, 2023

Visibility into composer logs has been a top customer request. Now, if you need to debug a composer build failure due to an error, install the Terminus Composer Logs plugin on your machine to view more details. Upstream Update logs are also available. Installation instructions and command usage can be found here in the plugin's GitHub repository.

October 1, 2023

Global CDN now has improved compatibility with the WPML multilingual WordPress plugin. Page variations for each language can be cached at the edge. This update was rolled out automatically for all sites that use the WPML plugin and increased site cache hit ratio by 24% on average.

October 1, 2023

Sometimes you just need more memory to serve your site reliably. To learn more about why we doubled the memory for most site plans, check out this blog by Rachel Whitton, Lead Technical Writer here at Pantheon.

To take advantage of the increased memory limit, contact our customer support team. Or drop by our regular Zoom-based office hours.

October 1, 2023

PHP 8.2.11 and 8.1.24 were released on the platform. They contain the latest bug fixes and security releases for PHP. As a reminder, PHP 8.0 will reach End-of-Life on 26 November 2023. For the best performance and security, Pantheon recommends running PHP 8.1 and above.

October 1, 2023

The Pantheon Front-End Sites Settings page is now available for users of the WordPress for Front-End project. It provides a simplified post install experience where users can copy environment variables for use in the Front-End Sites dashboard, and also test their preview endpoint. Instructions for creating a new WordPress project can be found here. Want to chat more about these kinds of sites? Join the #front-end-frameworks Slack Channel.

October 1, 2023

On September 20th, Drupal core updates were released to address a critical vulnerability in the JSON:API module. Those updates became immediately available within the Pantheon dashboard for one-click code updates. Additionally, our engineers updated our CDN to mitigate potential attacks.

If you have a Drupal site using JSON:API we suggest you update as soon as possible if you haven't done so already. And even if you aren't using JSON:API, it'll still feel good to apply an update, right? To better understand the nature of security updates, come watch the Pantheon YouTube Livestream on October 25th.

October 1, 2023

We're excited to announce that our documentation site has been seamlessly integrated with our brand-new design system. This enhancement brings a fresh and cohesive look to our documentation, providing a unified and visually appealing experience for our users. Explore the updated, improved, and more accessible Docs site today.

Docs Design System

September 20, 2023

On September 20th, Drupal core updates were released to address a critical vulnerability in the JSON:API module. Those updates became immediately available within the Pantheon dashboard for one-click code updates. Additionally, our engineers updated our CDN to mitigate potential attacks.

If you have a Drupal site using JSON:API we suggest you update as soon as possible if you haven't done so already. And even if you aren't using JSON:API, it'll still feel good to apply an update, right? To better understand the nature of security updates, come watch the Pantheon YouTube Livestream on October 25th.

September 1, 2023

WordPress Multisites can now run automated Search and Replace when cloning the database between environments or spinning up new environments.

Subdomain Multisites can use a domain map to define the URLs between environments, or auto-convert to a subdirectory Multisite in non-live environments.

For more information, see Pantheon’s documentation on Search and Replace. Or join the #WordPress Slack Channel to connect with other Pantheon customers & super-users.

September 1, 2023

We released an update for the Solr Search for WordPress plugin which disables auto-commit by default and allows cron to push solr commits regularly instead.

This drastically improves the performance of large sites and avoids 503 errors related to hard committing on every update. This update is recommended for all WordPress sites currently running the plugin.

You can still enable auto-commit by explicitly setting SOLRPOWER_DISABLE_AUTOCOMMIT to false.

September 1, 2023

Pantheon has deployed PHP versions 8.2.9, 8.1.22, and 8.0.30 to customer sites running on the platform. These releases address vulnerabilities disclosed in CVE-2023-3823 and CVE-2023-3824.

If you are using PHP 8.2, 8.1 or 8.0, there is nothing further that you need to do. If you are still on PHP 7.4 or earlier, though, you should schedule some time to upgrade to a supported version.While the vulnerabilities patched in these latest releases are not reported to affect PHP 7.4, the fact remains that there could be (and probably are) unpatched vulnerabilities in the end-of-life versions. Read more about it in Greg Anderson’s blog post.

September 1, 2023

We released an update for the Pantheon Advanced Page Cache WordPress plugin which adds a filter to allow disabling surrogate keys for posts' taxonomy terms. This can be especially helpful for posts with large numbers of taxonomies (such as WooCommerce products with a large number of global attributes).

For more information, see Pantheon documentation.

September 1, 2023

WordPress sites can now leverage an upgraded object caching solution on Pantheon! Object Cache Pro is a highly optimized premium WordPress plugin that integrates with Redis for business class performance. Find out more about our perspective Object Caching from Steve Persch, Director of Developer Experience.

See Pantheon’s documentation for instructions on how to enable Object Cache Pro. Or join the #WordPress Slack Channel to connect with other customers using Object Cache Pro.

September 1, 2023

Pantheon has pushed an update to WordPress and Drupal 7 core upstreams which sets PHP 8.1 as the new default PHP version, rather than 7.4.

Please test this core update thoroughly before deploying to the Live environment. If your site requires an older version of PHP, or if you'd like to upgrade to PHP 8.2, see Pantheon’s documentation on how to manage PHP versions via the pantheon.yml configuration file.

September 1, 2023

We released version 1.0.5 of the WP Decoupled Preview plugin which contains a bug fix specific to WordPress 6.3. WP Decoupled Preview enables content editors to see their changes in the context of a front-end framework (served through Pantheon's Front-End Sites) like Next.js. To try this functionality, request access to Front-End Sites and follow our tutorial for spinning up our WordPress + Next.js starter.

Can you tell we want more teams to sign up for Front-End Sites? If you don't yet have access, as of the last month you'll now see callouts in the site creation flow that lead to Front-End Sites Access:

Sign up page in the Pantheon dashboard for decoupled Early Access

Thanks to efforts in the last month, once you spin up new codebases in Front-End Sites, you will also find:

  • Newly improved readme files in your fresh projects.
  • Health checks that fire early in the build process if your Front-End Site may be likely to fail due to missing variables for a back-end CMS
  • A better navigation and search functionality for the Decoupled Kit project documentation.

Want to chat more about these kinds of sites? Join the #front-end-frameworks Slack Channel.

September 1, 2023

Helps Workspace Admins more effectively manage user access by providing the ability to offboard users from multiple sites in a single click.

For more information, see Pantheon’s documentation on Workspace Offboarding. Or join the #WordPress Slack Channel to connect with other Pantheon customers & super-users.

September 1, 2023

The Terminus Scheduled Jobs Plugin allows you to schedule and automate specific cron jobs according to site requirements without affecting performance.

You can specify the desired frequency (e.g., daily, weekly, monthly, hourly), and the actions to be performed. The system then executes the scheduled jobs automatically based on the provided instructions. Helps with long running jobs by granting a total budget of 300 mins (in a 24 hr period) to run jobs.