WordPress 5.1.1 is currently readily available! This safety and also upkeep launch presents 14 solutions and also improvements, consisting of modifications created to aid hosts prepare individuals for the minimum PHP version bump coming in 5.2
This launch likewise consists of a set of safety solutions that take care of exactly how remarks are filteringed system and after that kept in the data source. With a maliciously crafted remark, a WordPress message was susceptible to cross-site scripting.
WordPress variations 5.1 and also earlier are impacted by these pests, which are repaired in variation 5.1.1. Upgraded variations of WordPress 5.0 and also earlier are likewise readily available for any kind of individuals that have actually not yet upgraded to 5.1.
Props to Simon Scannell of RIPS Technologies that uncovered this imperfection independent of some job that was being done by participants of the core safety group. Thanks to every one of the press reporters for privately disclosing the vulnerabilities, which provided us time to repair them prior to WordPress websites might be struck.
Various other highlights of this launch consist of:
- Hosts can currently provide a switch for their individuals to upgrade PHP.
- The suggested PHP variation utilized by the “Update PHP” notification can currently be filteringed system.
- A number of small pest solutions.
You can surf the full list of changes on Trac
WordPress 5.1.1 was a short-cycle upkeep launch. Version 5.1.2 is anticipated to comply with a comparable 2 week launch tempo.
You can download and install WordPress 5.1.1 or go to Control Panel → Updates and also click Update Currently Websites that sustain automated history updates have actually currently begun to upgrade immediately.
Along with the safety scientist discussed over, thanks to everybody that added to WordPress 5.1.1:
Aaron Jorbin, Alex Concha, Andrea Fercia, Andy Fragen, Anton Vanyukov, Ben Bidner, bulletdigital, David Binovec, Dion Hulse, Felix Arntz, Garrett Hyder, Gary Pendergast, Ian Dunn, Jake Spurlock, Jb Audras, Jeremy Felt, Johan Falk, Jonathan Desrosiers, Luke Carbis, Mike Schroder, Milan Dinić, Mukesh Panchal, Paul Biron, Peter Wilson, Sergey Biryukov, and also Weston Ruter.