WordPress 5.4.2 is currently offered!
This protection and also upkeep launch includes 23 solutions and also improvements. And also, it includes a variety of protection solutions– see the listed here.
These insects impact WordPress variations 5.4.1 and also earlier; variation 5.4.2 solutions them, so you’ll intend to update.
If you have not yet upgraded to 5.4, there are likewise upgraded variations of 5.3 and also earlier that repair the insects for you.
WordPress variations 5.4 and also earlier are impacted by the complying with insects, which are taken care of in variation 5.4.2. If you have not yet upgraded to 5.4, there are likewise upgraded variations of 5.3 and also earlier that repair the protection problems.
- Props to Ben Bidner of the WordPress Safety and security Group for discovering an open redirect problem in wp_validate_redirect()
- Props to Nrimo Ing Pandum for discovering a validated XSS problem through style uploads.
- Props to Simon Scannell of RIPS Technologies for discovering a problem where set-screen-option can be mistreated by plugins resulting in advantage rise.
- Props to Carolina Nymark for finding a problem where remarks from password-protected blog posts and also web pages might be shown under specific problems.
Thanks to every one of the press reporters for privately disclosing the vulnerabilities This provided the protection group time to deal with the susceptabilities prior to WordPress websites might be struck.
One upkeep upgrade was likewise released to variations 5.1, 5.2 and also 5.3. See the related developer note for additional information.
You can surf the full list of changes on Trac
For even more details, surf the complete listing of adjustments on Trac or take a look at the Variation 5.4.2 documentation page
WordPress 5.4.2 is a short-cycle upkeep launch. The following significant launch will certainly be version 5.5
You can download and install WordPress 5.4.2 from the switch on top of this web page, or see your Control Panel → Updates and also click Update Currently
If you have websites that sustain automated history updates, they have actually currently begun the upgrade procedure.
Many thanks and also props!
Along with the protection scientists stated over, thanks to everybody that assisted make WordPress 5.4.2 occur:
Andrea Fercia, argentite, M Asif Rahman, Jb Audras, Ayesh Karunaratne, bdcstr, Delowar Hossain, Rob Migchels, donmhico, Ehtisham Siddiqui, Emilie LEBRUN, finomeno, garethgillman, Giorgio25b, Gabriel Maldonado, Hector F, Ian Belanger, Aaron Jorbin, Mathieu Viet, Javier Casares, Joe McGill, jonkolbert, Jono Alderson, Joy, Tammie Lister, Kjell Reigstad, KT, markusthiel, Mayank Majeji, Mel Choyce-Dwan, mislavjuric, Mukesh Panchal, Nikhil Bhansi, oakesjosh, Dominik Schilling, Arslan Ahmed, Peter Wilson, Carolina Nymark, Stephen Bernhardt, Sam Fullalove, Alain Schlesser, Sergey Biryukov, skarabeq, Daniel Richards, Toni Viemerö, suzylah, Timothy Jacobs, TeBenachi, Jake Spurlock and also yuhin.