
WordPress 5.4.2 Security and Bugfix Release

The blogging system WordPress has received a security and bugfix release, version 5.4.2. The update closes 6 security vulnerabilities and removes more than 20 bugs.

WordPress 5.4.2 Release Notes

Security Fixes

Five security issues affect WordPress versions 5.4 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

  • Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
  • Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
  • Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
  • Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
  • Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
  • Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

Bugfixes

  • 49956 – Spammers able to share unmoderated comments (see related devnote below)
  • 49749 – Registering rest routes with a slash-prefixed namespace give inconsistent results
  • 49798 – Default WordPress favicon in dark mode browsers
  • 49808 – WordPress 5.4: Deprecated: tag_row_actions is deprecated since version 3.0.0
  • 50121 – About page: correcting the order of headings
  • 50131 – Absent custom favicon triggers wp-admin .htaccess/.htpasswd prompt on frontend in Firefox
  • 49353 – button padding issue in edit plug on small device
  • 37926 – Twenty Eleven & Twenty Twelve: Dropdown category widget exceeds parent div when strings are long enough
  • 45865 – Twenty Nineteen: Consider decreasing the font size for widget titles
  • 48803 – Twenty Twenty: Custom post type that doesn’t support author, shows author
  • 48916 – Twenty Twenty: anchor links don’t work in mobile menu
  • 49088 – Twenty Twenty: Add icon for g.page links (Google business profile)
  • 49316 – Twenty Twenty missed license for images.
  • 49320 – Twenty Twenty: aligncenter>figcaption missing text-align: center; feature
  • 49322 – Twenty Twenty: Submenu items disappear underneath the Cover block
  • 49435 – Twenty Twenty: inconsistent top and bottom margins for .alignwide and .alignfull on Chrome vs Safari (cross browser issue)
  • 49699 – Twenty Nineteen: Center- and right-aligned heading accents appear broken
  • 49793 – Twenty Twenty: Images in list blocks are not positioned correctly
  • 49893 – TwentyTwenty: TikTok and ResearchGate Social Icons
  • 49932 – Small Typo in Twenty-Twenty
