+44 0330 223 3428
Call Us
+44 0330 223 3428

WPTavern: WordPress 4.9.1 Released, Fixes Page Template Bug

WPTavern: WordPress 4.9.1 Released, Fixes Page Template Bug

WordPress 4.9.1 is available for download and is a maintenance and security release. This release addresses four security issues in WordPress 4.9 and below that could potentially be used as part of a multi-vector attack. According to the release notes, the following changes have been made to WordPress to protect against these vulnerabilities.

  1. Use a properly generated hash for the newbloguser key instead of a determinate substring.
  2. Add escaping to the language attributes used on html elements.
  3. Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
  4. Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

Rahul Pratap Singh and John Blackbourn are credited with responsibly disclosing the vulnerabilities. In addition to the changes above, 4.9.1 fixes eleven bugs, including the Page Template issue we wrote about last week. Many sites have already updated to 4.9.1 automatically. To see a list of detailed changes, check out this post on Make WordPress Core.



Source: WordPress

Related Post
WPTavern: Yoast CEO Responds to #YoastCon Twitter Controversy, Calls for Change in the SEO Industry

WPTavern: Yoast CEO Responds to #YoastCon Twitter Controversy, Calls for Change in the SEO Industry Yoast CEO Marieke van de Rakt published a post yesterday, addressing the controversy that dominated the #YoastCon hashtag on Twitter in the days leading up the the event. Several parties from the SEO industry began circulating old tweets, along unsavory […]

Read more
WPTavern: Alex Mills Ends His Battle With Leukemia

WPTavern: Alex Mills Ends His Battle With Leukemia Today, we are reminded that life is fleeting and that plugins, themes, and WordPress itself is built and maintained by humans. Alex (Viper007Bond) Mills announced that he is ending his fight with Leukemia. Due to liver inflammation and GvHD, the liver is too damaged to continue with treatment […]

Read more
WPTavern: Bootstrap Patches XSS Vulnerability in Versions 4.3.1 and 3.4.1

WPTavern: Bootstrap Patches XSS Vulnerability in Versions 4.3.1 and 3.4.1 Bootstrap has released versions 4.3.1 and 3.4.1 to patch an XSS vulnerability (CVE-2019-8331) that was reported to the Bootstrap Drupal project by a developer and then responsibly disclosed to the Bootstrap development team. The vulnerability specifically affects usage of the tooltip and popover features: Earlier […]

Read more