TimThumb EOL

If you’re using (or thinking of using) TimThumb in the repository, please read.

TimThumb has reached it’s end of life. As such, we strongly recommend you stop using it in your plugins as soon as possible. It’s not supported, it’s not maintained, and that means the 130ish of you who have it are going to have a bad day if another exploit is found because we will close your plugins.

Please note, we’re not retroactively banning it from the repository at this time, though that may change. Right now, we’re asking everyone to take the first step and find an alternative. All new plugins are being required to use something else.

In general, please keep an eye on your third party libraries. If they’re no longer supported, look for a replacement. If they’re out of date, update your plugins. This is the best way to keep your code secure and avoid those awful emails about how we closed your plugin.

#3rd-party, #libraries

Font Awesome is permitted in the Plugin Repository

This took longer than we would have liked to say, but there were communication issues on multiple fronts.

You can use the Font Awesome font files and CSS in your code, per the current Font Awesome License:

  • The Font Awesome font is licensed under the SIL Open Font License – http://scripts.sil.org/OFL.
  • Font Awesome CSS, LESS, and SASS files are licensed under the MIT License – http://opensource.org/licenses/mit-license.html.
  • The Font Awesome pictograms are licensed under the CC BY 3.0 License – http://creativecommons.org/licenses/by/3.0/
  • Attribution is no longer required in Font Awesome 3.0, but much appreciated: Font Awesome by Dave Gandy – http://fortawesome.github.com/Font-Awesome.

As far as crediting is concerned, we feel attribution is always good. You should always put that in your source code, but your readme is optional. Credit links must be opt-in if they show on the front facing part of your site (this includes the login page), but that’s nothing new.

So with that said, we’re going through the plugins that had been closed for Font Awesome usage and opening them. If we missed yours, please email us at plugins at wordpress.org, with a link to the plugin (like https://wordpress.org/extend/plugins/font-awesome/ which is open) and we’ll check right away.

#3rd-party, #licensing

Google Maps JavaScript v2 API To Be Removed

If you’re using the Google Maps JavaScript API v2 (and 78 of you are), your plugins will break on May 19th. This means we’ll not be accepting any plugins that use the old code (and probably will close your plugins that do if you don’t fix ’em).

From Google, Google Maps JavaScript v2 (Deprecated)

The Google Maps JavaScript API Version 2 has been officially deprecated as of May 19, 2010. The V2 API will continue to work until May 19, 2013. We encourage you to migrate your code to version 3 of the Maps JavaScript API.

The Google Maps API lets you embed Google Maps in your own web pages with JavaScript. The API provides a number of utilities for manipulating maps (just like on the http://maps.google.com web page) and adding content to the map through a variety of services, allowing you to create robust maps applications on your website.

The Maps API is a free service, available for any web site that is free to consumers. Please see the terms of use for more information.

To use the Maps API on an intranet or in a non-publicly accessible application, please check out Google Maps API for Business.

So please update your plugins.

(Props to Kailey Lampert for this post)

#3rd-party, #api