Weekly Web Updates - August 10, 2020

WordPress HTTPS change announcement

In the coming week we will change sites.middlebury.edu and sites.miis.edu to use encrypted HTTPS for all browsing rather than letting sites be browsed under both HTTPS and unencrypted HTTP connections. This change will improve security for all users and is a prerequisite for an improved single-sign-on process.



All URLs will be automatically redirected to HTTPS version and the impact on the vast majority of sites should should be minimal. That said, with over 5,000 sites in the system there are likely cases where some browsers will block the inclusion of some content has been hard-coded to load using an HTTP URL. In these cases, the resolution is to update the embedded content to use https:// URLs instead of http:// URLs. This fix to content can be made now, before the change is forced. Because of the  scale of content in this system it is not possible for us to exhaustively audit all sites and pages. Users can test their own sites by navigating to the site and changing the address in their browser’s URL bar from http://sites.middlebury.edu/… to https://sites.middlebury.edu/…

Please report any issues found or questions via a Help Desk ticket.

Updates

• Drupal 8.9.3
• Drupal tac_lite 8.x-1.5
• Drupal webform_validation 7.x-1.18
• WordPress badgeos plugin 3.6.2
• WordPress foogallery plugin 1.9.30
• WordPress jetpack plugin 8.8
• WordPress ml-slider plugin 3.17.0
• WordPress sydney-toolbox plugin 1.12
• WordPress sydney theme 1.65

Fixes and Tweaks

• In preparation for the WordPress HTTPS change (discussed above), all sites with alternate domain names now have valid HTTPS certificates. (Examples: www.potomactheatreproject.org, liberalartsdiversity.org, c3transformhighered.org)