Pantheon release notes

The 1.33.0 update is now available for the WordPress (composer managed) upstream. This update fixes two bugs and alters the way REST API permalinks are handled on newly-created sites.

Bug fixes

• Fixes a bug where a script was added to the composer.json file that did not exist due to a typo in the script name. This caused a failure when running composer install or composer update. (For more information see #183.)
• Fixes an issue where REST API URLs were broken before "pretty permalinks" were enabled. This was due to URL rewriting fixes for the Bedrock-based WordPress architecture (using the /wp/ directory). The fix ensures that "pretty permalinks" are natively supported even before explicitly enabled, while also still supporting "plain" REST API URLs. (For more information see #186.)

For more details, refer to the WordPress (Composer Managed) changelog.

Action required

To benefit from these updates and ensure your site is using the most current version, apply the update to your WordPress (composer managed) site or custom upstream.

Troubleshooting

If you notice an error when running composer install or composer update, please check your composer.json file for the maybe-add-symlinks script and rename it to maybe-create-symlinks.

We have updated the version of WP-CLI on the Pantheon platform to v2.12.0. Sites will automatically update to this version over the next 48 hours.

WP-CLI is easily accessible for any WordPress site on Pantheon through our CLI, Terminus, allowing you to manage your WordPress installations efficiently with powerful commands at your fingertips.

Highlights

• Post lists can now handle complex query flags: When using post list, you can now use JSON notation to provide complex query arguments to the --tax_query, --meta_query and --post_date fields.
• Post meta can be forced to only return a single value: The post meta get command now has a --single flag defaulting to true which can be negated with --no-single. This flag tells WordPress whether to only return a single value or all existing values for a given key.
• Exclude files on core checksum verification: When running a core checksum verification, you can exclude one or more files from the checksum verification with the new --exclude=<files> flag.
• Respect requires and requires_php tags for plugins and themes: The plugin and theme commands now understand and respect the requires and requires_php header tags when trying to install or update extensions. A new state unavailable has been introduced to denote the updates that are newer than your current installation but for which your site does not fulfill the requirements.
• PHP 8.4 Compatibility: WP-CLI is now fully compatible with PHP 8.4. Pantheon is actively working to add PHP 8.4 support on the platform.
• Bug Fixes: WP-CLI 2.12.0 includes numerous bug fixes, with over 382 pull requests merged, addressing both minor and significant issues.

Two fixes related to wp-config.php in this release are specifically driven by needs of the Pantheon platform. wp config has (to check the existence of a variable or constant in wp-config) previously failed in read-only filesystems like Pantheon's test and live environments. PHP warnings or notices in wp-config.php also no longer surface twice when running wp config commands.

Pantheon Senior Software Engineer Phil Tyler contributed to this latest WP-CLI release.

For a deeper dive into all the changes, we encourage you to explore the detailed WP-CLI changelog.

We have released version 0.6.1 of the 'Push to Pantheon' GitHub Action. This version updates the version of the Terminus GitHub Action dependency, updates documentation in the README, and updates the default git user and email for build asset commits to match existing standards (Pantheon Automation). This is also the first version available in the GitHub Action Marketplace.

For more details, please refer to the 0.6.1 release notes. To update to the latest version, modify your workflow file to use 0.6.1:

PHP version 8.3.22 is now available on the platform. This update brings the latest bug fixes and enhancements, improving performance and security for your sites. Updates will be applied automatically over the next few days, so no manual action is required.

Important PHP version information

• PHP 8.1 and 8.2 are currently receiving security-only updates.
• For more details, see the full list of PHP supported versions.

For the best performance and security, Pantheon recommends running PHP 8.2 and above.

Pantheon has released a new version of our WP SAML Auth WordPress plugin. This release adds a notification for a recently discovered vulnerability in the SimpleSAMLphp library that can expose sites to SSO (Single Sign-On) forgery or impersonation.

This vulnerability affects only a small minority of WP SAML Auth implementations because the plugin defaults to a more modern library, OneLogin PHP SAML. Only sites configured with an outdated version of the SimpleSAMLphp library are vulnerable.

The update to WP SAML Auth includes a warning message displayed in the WordPress admin if a vulnerable version of SimpleSAMLphp is detected with instructions to install SimpleSAMLphp 2.3.7 or higher. Since the migration from the previous and most vulnerable versions of SimpleSAMLphp (1.x) to a newer and more secure version (2.x or above) can be onerous, some teams may prefer to switch from SimpleSAMLphp to the default of the plugin, OneLogin PHP SAML than to upgrade SimpleSAMLphp.

When a version of SimpleSAMLphp older than 2.0.0 is detected, an error notice is displayed in the WordPress admin on every page. An option has been added that can be used to disable SAML-based authentication entirely if the version of the library is in this critical state. When a version of SimpleSAMLphp older than 2.3.7 is detected, that notice is downgraded to a warning, but is still visible across all admin pages until SimpleSAMLphp has been upgraded. If the version could not be detected, a warning message appears on the WP SAML Auth admin page.

Action required

You are encouraged to upgrade your version of WP SAML Auth to the latest version as soon as possible so you know with certainty whether your site is vulnerable. If you see the notice in your dashboard, we recommend that you upgrade to the latest version of SimpleSAMLphp immediately.

If you have questions or concerns, please open issues in the queue for the plugin.

As part of our ongoing platform maintenance and security improvements, Drush versions 5 and 7 are no longer available on Pantheon. Sites currently configured to use Drush 5 or 7 are being automatically upgraded to Drush 8 over the next few days.

Drush 5 reached end-of-life (EOL) in May 2015 and Drush 7 in July 2017. EOL software does not receive security or feature updates, and could expose sites to attack if any vulnerabilities or exploits are discovered.

Find out which version of Drush your site is running.

Action required

While all sites previously using Drush 5 or 7 have been auto-upgraded to Drush 8, the pantheon.yml file for these sites have not been changed and will still contain the retired values. In the future, this will cause a git push to the platform to be rejected. Customers with sites configured for Drush 5 or 7 should upgrade the Drush version in pantheon.yml to at least Drush 8.

Sites created with custom upstreams using EOL Drush versions may also have unexpected behavior upon site creation. Upstream updates may also fail if pantheon.yml is updated while drush_version is still set to 5 or 7.

Starting today, PHP versions less than 5.6 in pantheon.yml will be rejected by the platform on git push.

Earlier this year, PHP versions 5.3 and 5.5 reached end-of-life on the platform. While sites configured to use these PHP versions have already been auto-upgraded to use PHP 5.6, the old values have still been allowed in the pantheon.yml file.

Applying upstream updates on a site configured with an EoL PHP version may fail too. The workflow logs will report when that failure is due to the PHP version being rejected. Sites created with custom upstreams using EoL PHP versions may also see failed workflows.

Action Required

Customers with sites configured for PHP 5.3 or 5.5 should upgrade the PHP version in pantheon.yml to at least PHP 5.6.

Pantheon currently recommends at least PHP 8.1 for all production sites.

A followup update to last week's release for the Drupal 7 pantheon_apachesolr module is now available for the Drupal 7 upstream.

This update resolves a regression with local development in version 1.1 of pantheon_apachesolr.

As a reminder, customers using Solr with Drupal 7 sites should update their sites to the latest version of the upstream as soon as possible. Customers with custom upstreams will need to update their upstreams to include the last changes in the platform upstream.

Starting June 17, 2025, Pantheon will require the updated Pantheon Apache Solr module (provided in the Pantheon Drupal 7 upstream) for Drupal 7 sites to access Solr services. Sites running on older versions of the Drupal 7 upstream (with pantheon_apachesolr version 7.x-1.0 or below) will no longer be able to access Pantheon's Solr services.