WordPress 4.1.2 Security Release – San Francisco

WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team.

We also fixed three other security issues:

  • In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded. Discovered by Michael Kapfer and Sebastian Kraemer of HSASec.
  • In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack. Discovered by Jakub Zoczek.
  • Some plugins were vulnerable to an SQL injection vulnerability. Discovered by Ben Bidner of the WordPress security team.

We also made four hardening changes, discovered by J.D. Grimes, Divyesh Prajapati, Allan Collins, Marc-Alexandre Montpas and Jeff Bowen.

We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 4.1.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.1.2.

Thanks to everyone who contributed to 4.1.2: Allan Collins, Alex Concha, Andrew Nacin, Andrew Ozz, Ben Bidner, Boone Gorges, Dion Hulse, Dominik Schilling, Drew Jaynes, Gary Pendergast, Helen Hou-Sandí, John Blackbourn, and Mike Adams.

A number of plugins also released security fixes yesterday. Keep everything updated to stay secure. If you’re a plugin author, please read this post to confirm that your plugin is not affected by the same issue. Thank you to all of the plugin authors who worked closely with our security team to ensure a coordinated response.

Already testing WordPress 4.2? The third release candidate is now available (zip) and it contains these fixes. For more on 4.2, see the RC 1 announcement post.


Cogknockers is a San Francisco WordPress Development Agency with 20+ Years Experience. WordPress Design is at the core of our services.
