WordPress 5. 4. two is now available!
This protection and maintenance release features twenty three fixes and enhancements. In addition, it adds a number of safety fixes—see the list below.
These types of bugs affect WordPress variations 5. 4. 1 plus earlier; version 5. four. 2 fixes them, therefore you’ll want to upgrade.
In case you haven’t yet updated to five. 4, there are also updated types of 5. 3 in addition to earlier that fix the particular bugs for you.
WordPress editions 5. 4 and previously are affected by the following bugs, that are fixed in version five. 4. 2 . If you have not yet updated to 5. some, there are also updated versions associated with 5. 3 and before that fix the security problems.
- Props to Ben Bidner of the WordPress Security Group for finding an open redirect a significant wp_validate_redirect() .
- Props to help Nrimo Ing Pandum for finding an authenticated XSS issue via theme submissions.
- Props towards Claire Scannell of RIPS Systems for finding a problem where set-screen-option can be abused by plugins leading to opportunity escalation.
- Stage sets to Carolina Nymark for discovering an issue exactly where comments from password-protected articles and pages could be shown under certain conditions.
Thank you to all of the reporters for independently disclosing the vulnerabilities . This gave the security group time to fix the weaknesses before WordPress sites might be attacked.
One maintenance up-date was also deployed to variants 5. 1, 5. a couple of and 5. 3. View the associated developer note for more information.
You can browse the full listing of changes on Trac .
For more info, browse the full set of changes on Trac or even check out the Version 5. 4. 2 paperwork page .
WordPress a few. 4. 2 is a short-cycle maintenance release. The next main release will be version 5. your five .
You can download Blogger 5. 4. 2 from your button at the top of this page, or perhaps visit your Dashboard → Updates and click Update Now .
In case you have sites that support automated background updates, they’ve currently started the update procedure.
Thanks and props!
Besides the security researchers mentioned above, many thanks to everyone who assisted make WordPress 5. 5. 2 happen:
Andrea Fercia , argentite , Meters Asif Rahman , Jb Audras , Ayesh Karunaratne , bdcstr , Delowar Hossain , Rob Migchels , donmhico , Ehtisham Siddiqui , Emilie LEBRUN , finomeno , garethgillman , Giorgio25b , Gabriel Maldonado , Hector F , Ian Belanger , Aaron Jorbin , Mathieu Viet , Javier Casares , Later on McGill , jonkolbert , Jono Alderson , Joy , Tammie Lister , Kjell Reigstad , KT , markusthiel , Mayank Majeji , Mel Choyce-Dwan , mislavjuric , Mukesh Panchal , Nikhil Bhansi , oakesjosh , Dominik Schilling , Arslan Ahmed , Peter Wilson , Carolina Nymark , Stephen Bernhardt , Ted Fullalove , Alain Schlesser , Sergey Biryukov , skarabeq , Daniel Richards , Toni Viemerö , suzylah , Timothy Jacobs , TeBenachi , Jake Spurlock and yuhin .