+44 0330 223 3428
Call Us
+44 0330 223 3428

Dev Blog: WordPress 4.9.7 Security and Maintenance Release

Dev Blog: WordPress 4.9.7 Security and Maintenance Release

WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.

Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues.

Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were:

  • Taxonomy: Improve cache handling for term queries.
  • Posts, Post Types: Clear post password cookie when logging out.
  • Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.
  • Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first.
  • Privacy: Make sure default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context.

Download WordPress 4.9.7 or venture over to Dashboard → Updates and click “Update Now.” Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.7:

1naveengiri, Aaron Jorbin, abdullahramzan, alejandroxlopez, Andrew Ozz, Arun, Birgir Erlendsson (birgire), BjornW, Boone Gorges, Brandon Kraft, Chetan Prajapati, David Herrera, Felix Arntz, Gareth, Ian Dunn, ibelanger, John Blackbourn, Jonathan Desrosiers, Joy, khaihong, lbenicio, Leander Iversen, mermel, metalandcoffee, Migrated to @jeffpaul, palmiak, Sergey Biryukov, skoldin, Subrata Sarkar, Towhidul Islam, warmlaundry, and YuriV.


WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory. Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues. Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were: Taxonomy: Improve cache handling for term queries. Posts, Post Types: Clear post password cookie when logging…

Source: WordPress

Related Post
WPTavern: WPTracSearch: An Elasticsearch-Powered Search Interface for WordPress Trac Tickets

WPTavern: WPTracSearch: An Elasticsearch-Powered Search Interface for WordPress Trac Tickets WordPress Trac is one of the more utilitarian and uninspiring interfaces that many contributors have to contend with in the process of giving back to the project. After growing tired of Trac’s mediocre search functionality, William Earnhardt set out to improve it with a new […]

Read more
WPTavern: Tips for Replying to A Call for Papers or A Call for Speakers

WPTavern: Tips for Replying to A Call for Papers or A Call for Speakers The following is a guest post written by Jennifer Bourn. With 21 years experience as a graphic designer, 15 years experience as a web designer, 14 years as a creative agency owner, and 11 years as a blogger, Jennifer Bourn has […]

Read more
WPTavern: Storefront 2.5.0 Introduces a Custom, Block-Based Homepage

WPTavern: Storefront 2.5.0 Introduces a Custom, Block-Based Homepage Storefront, WooCommerce’s free flagship theme, has just released version 2.5.0 with updates that make it easier to setup and customize the homepage. In 2017, WooCommerce 2.2 introduced starter content to help users set up the homepage template, menus, widgets, and add some demo products. This content has […]

Read more