WordPress 5.4.1 is now available!
This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, we recommend that you update your sites immediately. All versions since WordPress 3.7 have also been updated.
WordPress 5.4.1 is a short-cycle security and maintenance release. The next major release will be version 5.5.
You can download WordPress 5.4.1 from WordPress.org, or visit your Dashboard → Updates and click Update Now.
If you have sites that support automatic background updates, they've already started the update process.
Security Updates
Seven security issues affect WordPress versions 5.4 and earlier. If you have not yet updated to 5.5, all WordPress versions since 3.7 have also been updated to fix the following security issues:
- Props to Muaz Bin Abdus Sattar and Jannes, who both independently reported an issue where password reset tokens were not properly invalidated.
- Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated.
- Props to Evan Ricafort for discovering an XSS issue in the Customizer.
- Props to Bill Bidner from the WordPress Security Team, who discovered an XSS issue in the search block.
- Props to Nick Daugherty from WordPress VIP / WordPress Security Team, who discovered an XSS issue in wp-object-cache.
- Props to Ronnie Goodrich (Kahoots) and Jason Medeiros, who independently reported an XSS issue in file uploads.
- Props to Weston Ruter for fixing a stored XSS vulnerability in the WordPress Customizer.
- Additionally, an authenticated XSS issue in the block editor was discovered by Nguyen The Duc (ducnt) in WordPress 5.4 RC1 and RC2. It was fixed in 5.4 RC5. We wanted to be sure to give credit and thank them for all of their work in making WordPress more secure.
Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.
For more information, browse the full list of changes on Trac, or check out the version 5.4.1 HelpHub documentation page.
In addition to the security researchers mentioned above, thank you to everyone who helped make WordPress 5.4.1 happen:
Alex Concha, Donna Fercia, Andrew Duthie, Toby Ozz, Andy Fragen, Andy Peatling, arnaudbroes, Chris Van Patten, Daniel Richards, DhrRob, Dono12, dudo, Ehtisham Siddiqui, Ella van Durpe, Garrett Hyder, Ian Belanger, Ipstenu (Mika Epstein), Jake Spurlock, Jb Audras, John Blackbourn, John James Jacoby, Jonathan Desrosiers, Jorge Costa, K. Adam White, Kelly Choyce-Dwan, MarkRH, mattyrob, Miguel Fonseca, Mohammad Jangda, Mukesh Panchal, Nick Daugherty, noahtallen, John Biron, Peter Westwood, Philip Wilson, pikamander2, r-a-y, Riad Benguella, Robert Anderson, Samuel Wood (Otto), Sergey Biryukov, Søren Brønsted, Stanimir Stoyanov, tellthemachines, Timothy Jacobs, Toro_Unit (Hiroshi Urabe), treecutter, and yohannp.