Dev Blog: WordPress 4.9.2 Security and Maintenance Release

WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.

MediaElement has released a new version that contains a fix for the bug, and a WordPress plugin containing the fixed files is available in the plugin repository.

Thank you to the reporters of this issue for practicing responsible security disclosure: Enguerran Gillier and Widiz.

21 other bugs were fixed in WordPress 4.9.2. Particularly of note were:

  • JavaScript errors that prevented saving posts in Firefox have been fixed.
  • The previous taxonomy-agnostic behavior of get_category_link() and category_description() was restored.
  • Switching themes will now attempt to restore previous widget assignments, even when there are no sidebars to map.

The Codex has more information about all of the issues fixed in 4.9.2, if you’d like to learn more.

Download WordPress 4.9.2 or venture over to Dashboard → Updates and click “Update Now.” Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.2:

0x6f0, Aaron Jorbin, Andrea Fercia, Andrew Duthie, Andrew Ozz, Blobfolio, Boone Gorges, Caleb Burks, Carolina Nymark, chasewg, Chetan Prajapati, Dion Hulse, Hardik Amipara, ionvv, Jason Caldwell, Jeffrey Paul, Jeremy Felt, Joe McGill, johnschulz, Juhi Patel, Konstantin Obenland, Mark Jaquith, Nilambar Sharma, Peter Wilson, Rachel Baker, Rinku Y, Sergey Biryukov, and Weston Ruter.



Source: WordPress
