Yesterday we released WPML 3.1.9, which addresses several security concerns. We take the security of our clients very seriously, so as soon as we noticed these possible exploits, we set to work on a version which fixes them. That version added sanitation to a number of places in the code. One of them, sanitized URLs incorrectly, ending up in a bug that caused WPML not to decode non-English URLs correctly.
So, if you updated WPML to 3.1.9 and got a 404 error, please note that you’re not alone. We had it for several hours on our own sites too.
We had to balance between the urgency of fixing a security issue and the time it takes to test every feature in WPML. In this case, we didn’t catch the problem and release a version that fixes the security issues but causes the problem.
It’s fixed now in 220.127.116.11. We are very sorry for the trouble that this had caused. Please note that this was a ‘render’ issue only. Meaning, nothing got changed in your database and content is still there.
Please be sure to update to the recent version of WPML. Don’t let this glitch keep you from updating, so that you have the most recent and secure version of WPML.
After upgrading, we encourage you to register your site on wpml.org. You can register as many sites as you need, for yourself and for your clients. This registration tells us which versions run where. We are going to use it to contact clients who have out-of-date versions of WPML and advise to upgrade sites, which you might have forgotten about.
Questions? Ideas? Suggestions? Let us know by leaving your comments.