+44 0330 223 3428
Call Us
+44 0330 223 3428

Dev Blog: WordPress 4.9.2 Security and Maintenance Release

Dev Blog: WordPress 4.9.2 Security and Maintenance Release

WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.

MediaElement has released a new version that contains a fix for the bug, and a WordPress plugin containing the fixed files is available in the plugin repository.

Thank you to the reporters of this issue for practicing responsible security disclosureEnguerran Gillier and Widiz.

21 other bugs were fixed in WordPress 4.9.2. Particularly of note were:

  • JavaScript errors that prevented saving posts in Firefox have been fixed.
  • The previous taxonomy-agnostic behavior of get_category_link() and category_description() was restored.
  • Switching themes will now attempt to restore previous widget assignments, even when there are no sidebars to map.

The Codex has more information about all of the issues fixed in 4.9.2, if you’d like to learn more.

Download WordPress 4.9.2 or venture over to Dashboard → Updates and click “Update Now.” Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.2:

0x6f0, Aaron Jorbin, Andrea Fercia, Andrew Duthie, Andrew Ozz, Blobfolio, Boone Gorges, Caleb Burks, Carolina Nymark, chasewg, Chetan Prajapati, Dion Hulse, Hardik Amipara, ionvv, Jason Caldwell, Jeffrey Paul, Jeremy Felt, Joe McGill, johnschulz, Juhi Patel, Konstantin Obenland, Mark Jaquith, Nilambar Sharma, Peter Wilson, Rachel Baker, Rinku Y, Sergey Biryukov, and Weston Ruter.



Source: WordPress

Related Post
WPTavern: AMP Plugin for WordPress Version 1.0 Introduces Gutenberg-Integrated AMP Validation

WPTavern: AMP Plugin for WordPress Version 1.0 Introduces Gutenberg-Integrated AMP Validation Version 1.0 of the official AMP plugin for WordPress was released on the eve of WordCamp US, after two years in development by contributors from Automattic, XWP, and Google. This first stable version has a massive changelog with 30 people credited for their contributions. […]

Read more
WPTavern: WordPress 5.0 “Bebo” Released, Lays A Foundation for the Platform’s Future

WPTavern: WordPress 5.0 “Bebo” Released, Lays A Foundation for the Platform’s Future In 2016 at WordCamp US in Philadelphia, PA, Matt Mullenweg announced to the world that a new post and page editor would be coming to WordPress. “The editor does not represent the core of WordPress publishing,” Mullenweg said. His vision of the editor […]

Read more
Dev Blog: WordPress 5.0 “Bebo”

Dev Blog: WordPress 5.0 “Bebo” Say Hello to the New Editor We’ve made some big upgrades to the editor. Our new block-based editor is the first step toward an exciting new future with a streamlined editing experience across your site. You’ll have more flexibility with how content is displayed, whether you are building your first […]

Read more