WordPress 5.4.1 is currently offered!
This safety and security as well as upkeep launch includes 17 bug fixes along with 7 safety and security solutions. Since this is a safety and security launch, it is suggested that you upgrade your websites promptly. All variations because WordPress 3.7 have actually likewise been upgraded.
WordPress 5.4.1 is a short-cycle safety and security as well as upkeep launch. The following significant launch will certainly be variation 5.5.
You can download and install WordPress 5.4.1 by downloading and install from WordPress.org, or see your Control panel → Updates as well as click Update Currently.
If you have websites that sustain automated history updates, they have actually currently begun the upgrade procedure.
Safety And Security Updates
7 safety and security problems impact WordPress variations 5.4 as well as earlier. If you have not yet upgraded to 5.4, all WordPress variations because 3.7 have actually likewise been upgraded to repair the list below safety and security problems:
- Props to Muaz Bin Abdus Sattar as well as Jannes that both separately reported a concern where password reset symbols were not appropriately revoked.
- Props to ka1n4t for locating a concern where particular personal messages can be watched unauthenticated.
- Props to Evan Ricafort for finding an XSS concern in the Customizer
- Props to Ben Bidner from the WordPress Protection Group that found an XSS concern in the search block.
- Props to Nick Daugherty from WordPress VIP/ WordPress Protection Group that found an XSS concern in
- Props to Ronnie Goodrich (Kahoots) as well as Jason Medeiros that separately reported an XSS concern in data publishes.
- Props to Weston Ruter for taking care of a kept XSS susceptability in the WordPress customizer.
- In addition, a verified XSS concern in the block editor was found by Nguyen The Duc (ducnt) in WordPress 5.4 RC1 as well as RC2. It was taken care of in 5.4 RC5. We intended to make certain to provide debt as well as thank them for every one of their operate in making WordPress much more safe and secure.
Thanks to every one of the press reporters forprivately disclosing the vulnerabilities This offered the safety and security group time to repair the susceptabilities prior to WordPress websites can be struck.
Along with the safety and security scientists pointed out over, thanks to every person that assisted make WordPress 5.4.1 occur:
Alex Concha, Andrea Fercia, Andrew Duthie, Andrew Ozz, Andy Fragen, Andy Peatling, arnaudbroes, Chris Van Patten, Daniel Richards, DhrRob, Dono12, dudo, Ehtisham Siddiqui, Ella van Durpe, Garrett Hyder, Ian Belanger, Ipstenu (Mika Epstein), Jake Spurlock, Jb Audras, John Blackbourn, John James Jacoby, Jonathan Desrosiers, Jorge Costa, K. Adam White, Kelly Choyce-Dwan, MarkRH, mattyrob, Miguel Fonseca, Mohammad Jangda, Mukesh Panchal, Nick Daugherty, noahtallen, Paul Biron, Peter Westwood, Peter Wilson, pikamander2, r-a-y, Riad Benguella, Robert Anderson, Samuel Wood (Otto), Sergey Biryukov, Søren Brønsted, Stanimir Stoyanov, tellthemachines, Timothy Jacobs, Toro_Unit (Hiroshi Urabe), treecutter, as well as yohannp.