+44 0330 223 3428
Call Us
+44 0330 223 3428

Dev Blog: WordPress 4.9.7 Security and Maintenance Release

Dev Blog: WordPress 4.9.7 Security and Maintenance Release

WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.

Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues.

Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were:

  • Taxonomy: Improve cache handling for term queries.
  • Posts, Post Types: Clear post password cookie when logging out.
  • Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.
  • Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first.
  • Privacy: Make sure default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context.

Download WordPress 4.9.7 or venture over to Dashboard → Updates and click “Update Now.” Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.7:

1naveengiri, Aaron Jorbin, abdullahramzan, alejandroxlopez, Andrew Ozz, Arun, Birgir Erlendsson (birgire), BjornW, Boone Gorges, Brandon Kraft, Chetan Prajapati, David Herrera, Felix Arntz, Gareth, Ian Dunn, ibelanger, John Blackbourn, Jonathan Desrosiers, Joy, khaihong, lbenicio, Leander Iversen, mermel, metalandcoffee, Migrated to @jeffpaul, palmiak, Sergey Biryukov, skoldin, Subrata Sarkar, Towhidul Islam, warmlaundry, and YuriV.


WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory. Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues. Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were: Taxonomy: Improve cache handling for term queries. Posts, Post Types: Clear post password cookie when logging…

Source: WordPress

Related Post
WPTavern: Matt Mullenweg Publishes TED Talk on the Future of Work, Prepares to Launch New Distributed.blog Website

WPTavern: Matt Mullenweg Publishes TED Talk on the Future of Work, Prepares to Launch New Distributed.blog Website Matt Mullenweg is teasing out a new website at distributed.blog with the tagline “The future of work is here.” It’s not clear yet whether subscribers to the mystery blog will be on board for blog posts, a new […]

Read more
WPTavern: WPBrigade Patches Critical Vulnerability in Simple Social Buttons Plugin

WPTavern: WPBrigade Patches Critical Vulnerability in Simple Social Buttons Plugin WPBrigade, the developers behind the Simple Social Buttons plugin, have patched a critical privilege escalation vulnerability. The security issue was discovered by the team at WebARX. Developer and researcher Luka Šikić summarized the vulnerability in a post published this week: Improper application design flow, chained […]

Read more
WPTavern: WPWeekly Episode 345 – The Relationship Between Corporate Cash and Open Source Software

WPTavern: WPWeekly Episode 345 – The Relationship Between Corporate Cash and Open Source Software In this episode, John James Jacoby and I discuss a thought-provoking post published by Morten Rand-Hendriksen that takes a deep look at equity in open source software. Morten suggests that the mantra of decisions are made by those who show up […]

Read more