WordPress Security und Bugfix Release 4.9.2

Das Block-CMS WordPress hat ein Update erhalten. Die Version 4.9.2 schließt eine Cross-Site-Scripting (XSS) Schwachstelle und behebt weitere 22 Fehler.

Die Sicherheitslücke beesteht seit WordPress 4.9 und liegt in der MediaElement Datei, die ein Flash Fallback durchführt.

WordPress 4.9.2 Release Notes

Bundled Theme

  • #42820 – Twenty Seventeen -watch that language

Customize

  • #42492 – Selecting menu location changes line height
  • #42871 – Features box textstrings in Feature Filter area need new linebreak

Database

  • #42812 – Use MySQLi when available by default

Editor

  • #42664 – Editor link autocomplete suggestions: no fallback title displayed for posts with no title
  • #43012 – Cannot Update Post in Firefox Due to Editor and TinyMCE JavaScript TypeErrors

External Libraries

  • #42439 – Update random_compat external library for PHP 7 linting failure

Formatting

  • #42578 – PHP functions inside <p> tags creates new <p> tag, breaking the parent tag into two.

Media

  • #42225 – Whitelist Flac Files
  • #42447 – Mark test_remove_orientation_data_on_rotate as skipped when exif_read_data isn’t available
  • #42480 – Consistent suppression of `getimagesize()` errors
  • #42720 – Remove unnecessary MediaElement.js files

Plugins

  • #43082 – Add plugins search results: the plugin details modal opens in the thickbox modal

REST API

  • #42828 – Hard-coded 403 status in REST response should use `rest_authorization_required_code()`

Taxonomy

  • #42771 – WP_Term::get_instance() regression for non-category terms queried with ‘category’ taxonomy
  • #42605 – category_description() does not work properly since 4.9
  • #42717 – get_category_link() accepting object but not id

TinyMCE

  • #42416 – Code assumes iframe mode, exception in inline mode

Upgrade/Install

  • #42963 – Improve deletion of $_old_files during upgrades

Widgets

  • #42603 – Widgets Warning after activating theme and on dashboard widgets page
  • #42719 – Always attempt to restore widgets’ previous assignment
  • #42867 – HTML Widget: toggleClass() should be passed true/false as second param

Quelle: https://codex.wordpress.org/Version_4.9.2

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

This site uses Akismet to reduce spam. Learn how your comment data is processed.