WordPress 4.0.1 Security Release – San Francisco

WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (We don't support older versions, so please update to 4.0.1 for the latest and greatest.)

WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these 8 security issues:

  • 3 cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbourn of the WordPress security team.
  • A cross-site request forgery that could be used to trick a user into changing their password.
  • An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.
  • Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).
  • An extremely unlikely hash collision could allow a user's account to be compromised, that also required that they haven't logged in since 2008 (I wish I were kidding). Reported by David Anderson.
  • WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavković of ManageWP.

Version 4.0.1 also fixes 23 bugs with 4.0, and we have made 2 hardening changes, including better validation of EXIF data we are extracting from uploaded photos. Reported by Chris Andrè Dale.

We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 4.0.1 or venture over to Dashboard → Updates and simply click “Update Now”.
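
To find installs that still need this update, the check below reads the core version string and compares it with the fixed releases named above. It is an added example, not WordPress code: it assumes the version is read from `wp-includes/version.php`, where core defines `$wp_version`, and the sample file content is constructed.

```python
import re

# Fixed release per maintained branch, as listed in the announcement above.
FIXED = {(3, 7): (3, 7, 5), (3, 8): (3, 8, 5), (3, 9): (3, 9, 3), (4, 0): (4, 0, 1)}
LATEST = (4, 0, 1)

# Constructed sample of wp-includes/version.php content (not from a real site).
SAMPLE = "<?php\n// constructed sample\n$wp_version = '3.9.2';\n"

# Matches the assignment line, e.g.  $wp_version = '4.0';
_VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)


def read_wp_version(php_source):
    """Return the $wp_version string found in version.php text, or None."""
    m = _VERSION_RE.search(php_source)
    return m.group(1) if m else None


def parse_version(text):
    """'3.9' -> (3, 9, 0); '4.1-beta2' -> (4, 1, 0). Raises ValueError on junk."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("unrecognised version: %r" % text)
    return tuple(int(p or 0) for p in m.groups())


def triage(version_text):
    """Return (status, target); target is the release to move to, if any."""
    v = parse_version(version_text)
    branch = v[:2]
    if branch in FIXED:
        fixed = FIXED[branch]
        return ("patched", None) if v >= fixed else ("update", fixed)
    if v < (3, 7, 0):
        # Branches older than 3.7 get no fix; the announcement says go to 4.0.1.
        return ("unsupported", LATEST)
    # Newer than 4.0.x (for example a 4.1 beta): not covered by this table.
    return ("unknown", None)


if __name__ == "__main__":
    found = read_wp_version(SAMPLE)
    print(found, triage(found))
```
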

Already testing WordPress 4.1? The second beta is now available (zip) and it contains these security fixes. For more on 4.1, see the beta 1 announcement post.


Cogknockers is a San Francisco WordPress Development Agency with 20+ Years Experience.  WordPress Design is at the core of our services.
