Das Block-CMS WordPress hat ein Update erhalten. Die Version 4.9.2 schließt eine Cross-Site-Scripting (XSS) Schwachstelle und behebt weitere 22 Fehler.
Die Sicherheitslücke beesteht seit WordPress 4.9 und liegt in der MediaElement Datei, die ein Flash Fallback durchführt.
WordPress 4.9.2 Release Notes
Bundled Theme
- #42820 – Twenty Seventeen -watch that language
Customize
- #42492 – Selecting menu location changes line height
- #42871 – Features box textstrings in Feature Filter area need new linebreak
Database
- #42812 – Use MySQLi when available by default
Editor
- #42664 – Editor link autocomplete suggestions: no fallback title displayed for posts with no title
- #43012 – Cannot Update Post in Firefox Due to Editor and TinyMCE JavaScript TypeErrors
External Libraries
- #42439 – Update random_compat external library for PHP 7 linting failure
Formatting
- #42578 – PHP functions inside <p> tags creates new <p> tag, breaking the parent tag into two.
Media
- #42225 – Whitelist Flac Files
- #42447 – Mark test_remove_orientation_data_on_rotate as skipped when exif_read_data isn’t available
- #42480 – Consistent suppression of `getimagesize()` errors
- #42720 – Remove unnecessary MediaElement.js files
Plugins
- #43082 – Add plugins search results: the plugin details modal opens in the thickbox modal
REST API
- #42828 – Hard-coded 403 status in REST response should use `rest_authorization_required_code()`
Taxonomy
- #42771 – WP_Term::get_instance() regression for non-category terms queried with ‘category’ taxonomy
- #42605 – category_description() does not work properly since 4.9
- #42717 – get_category_link() accepting object but not id
TinyMCE
- #42416 – Code assumes iframe mode, exception in inline mode
Upgrade/Install
- #42963 – Improve deletion of $_old_files during upgrades
Widgets