+44 0330 223 3428
Call Us
+44 0330 223 3428

Dev Blog: WordPress 4.9.7 Security and Maintenance Release

Dev Blog: WordPress 4.9.7 Security and Maintenance Release

WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.

Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues.

Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were:

  • Taxonomy: Improve cache handling for term queries.
  • Posts, Post Types: Clear post password cookie when logging out.
  • Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.
  • Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first.
  • Privacy: Make sure default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context.

Download WordPress 4.9.7 or venture over to Dashboard → Updates and click “Update Now.” Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.7:

1naveengiri, Aaron Jorbin, abdullahramzan, alejandroxlopez, Andrew Ozz, Arun, Birgir Erlendsson (birgire), BjornW, Boone Gorges, Brandon Kraft, Chetan Prajapati, David Herrera, Felix Arntz, Gareth, Ian Dunn, ibelanger, John Blackbourn, Jonathan Desrosiers, Joy, khaihong, lbenicio, Leander Iversen, mermel, metalandcoffee, Migrated to @jeffpaul, palmiak, Sergey Biryukov, skoldin, Subrata Sarkar, Towhidul Islam, warmlaundry, and YuriV.


WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory. Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues. Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were: Taxonomy: Improve cache handling for term queries. Posts, Post Types: Clear post password cookie when logging…

Source: WordPress

Related Post
WPTavern: Clean Blocks: A Free Multipurpose WordPress Theme Compatible with Gutenberg

WPTavern: Clean Blocks: A Free Multipurpose WordPress Theme Compatible with Gutenberg Clean Blocks is a new free theme from Catch Themes that was released last week on WordPress.org. The design is suitable for businesses, agencies, freelancers, and other service professionals who require featured content, a portfolio, testimonials, a blog, and a services section. Clean Blocks […]

Read more
WPTavern: Laraberg, a Gutenberg Implementation for Laravel, is Now in Beta

WPTavern: Laraberg, a Gutenberg Implementation for Laravel, is Now in Beta The family of Gutenberg derivatives is expanding with the beta release of Laraberg, an implementation for Laravel. Maurice Wijnia, a developer at Van Ons, an agency based in Amsterdam, created Laraberg as an easy way for developers building applications with Laravel to integrate the […]

Read more
HeroPress: How the WordPress community helped me find my way

HeroPress: How the WordPress community helped me find my way Este ensaio também está disponível em português. As I make a checklist of all the things I’ll have to pack to travel from São Paulo to Berlin, to attend WordCamp Europe 2019, I can’t stop thinking how hard the path to this point has been. […]

Read more