4.7

WordPress 4.7.5 Security and Maintenance Release

WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas. Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team. A Cross Site Request Forgery (CRSF)  vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster. A cross-site scripting (XSS) vulnerability ...

leggi l'articolo completo
Commenti disabilitati su WordPress 4.7.5 Security and Maintenance Release   |   Posted in 4.5,4.7,Releases,Security maggio 16, 2017

WordPress 4.7.4 Maintenance Release

After almost sixty million downloads of WordPress 4.7, we are pleased to announce the immediate availability of WordPress 4.7.4, a maintenance release. This release contains 47 maintenance fixes and enhancements, chief among them an incompatibility between the upcoming Chrome version and the visual editor, inconsistencies in media handling, and further improvements to the REST API. For a full list of changes, consult the release notes and the list of changes. Download WordPress 4.7.4 or visit Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.4. Thanks to everyone who contributed to 4.7.4: Aaron Jorbin, ...

leggi l'articolo completo
Commenti disabilitati su WordPress 4.7.4 Maintenance Release   |   Posted in 4.5,4.7,Releases aprile 20, 2017

WordPress 4.7.2 Security Release

WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.1 and earlier are affected by three security issues: The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo). A cross-site scripting (XSS) ...

leggi l'articolo completo
Commenti disabilitati su WordPress 4.7.2 Security Release   |   Posted in 4.5,4.7,Releases,Security gennaio 26, 2017

WordPress 4.7.1 Security and Maintenance Release

WordPress 4.7 has been downloaded over 10 million times since its release on December 6, 2016 and we are pleased to announce the immediate availability of WordPress 4.7.1. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7 and earlier are affected by eight security issues: Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was fixed in PHPMailer thanks to Dawid Golunski ...

leggi l'articolo completo
Commenti disabilitati su WordPress 4.7.1 Security and Maintenance Release   |   Posted in 4.5,4.7,Releases,Security gennaio 11, 2017

WordPress 4.7 Beta 2

WordPress 4.7 Beta 2 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.7, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip). Notable changes since WordPress 4.7 Beta 1: Twenty Seventeen: The theme wasn’t being installed on upgrades – sorry about that! Now you should see it if you’re upgrading an existing site. There are also plenty of fixes, especially for the header ...

leggi l'articolo completo
Commenti disabilitati su WordPress 4.7 Beta 2   |   Posted in 4.5,4.7,Development,Releases novembre 04, 2016