WordPress 5.8.1 is now out there!
This safety and upkeep launch options 60 bug fixes along with 3 safety fixes. As a result of it is a safety launch, it is suggested that you simply replace your websites instantly. All variations since WordPress 5.4 have additionally been up to date.
WordPress 5.8.1 is a short-cycle safety and upkeep launch. The subsequent main launch can be model 5.9.
You may obtain WordPress 5.8.1 by downloading from WordPress.org, or go to your Dashboard → Updates and click on Replace Now.
When you’ve got websites that assist automated background updates, they’ve already began the replace course of.
3 safety points have an effect on WordPress variations between 5.4 and 5.8. In the event you haven’t but up to date to five.8, all WordPress variations since 5.4 have additionally been up to date to repair the next safety points:
- Props @mdawaffe, member of the WordPress Safety Group for his or her work fixing an information publicity vulnerability throughout the REST API.
- Props to Michał Bentkowski of Securitum for reporting a XSS vulnerability within the block editor.
- The Lodash library has been up to date to model 4.17.21 in every department to include upstream safety fixes.
Along with these points, the safety staff wish to thank the next folks for reporting vulnerabilities through the WordPress 5.8 beta testing interval, permitting them to be fastened previous to launch:
- Props Evan Ricafort for reporting a XSS vulnerability within the block editor found through the 5.8 launch’s beta interval.
- Props Steve Henty for reporting a privilege escalation challenge within the block editor.
Thanks to all the reporters for privately disclosing the vulnerabilities. This gave the WordPress safety staff time to repair the vulnerabilities earlier than WordPress websites may very well be attacked.
Thanks and props!
Along with the safety researchers and launch squad members talked about above, thanks to everybody who helped make WordPress 5.8.1 occur:
2linctools, Adam Zielinski, Alain Schlesser, Alex Lende, alexstine, AlGala, André, Andrei Draganescu, Andrew Ozz, Ankit Panchal, Anthony Burchell, Anton Vlasenko, Ari Stathopoulos, Bruno Ribaric, Carolina Nymark, Daisy Olsen, Daniel Richards, Daria, David Anderson, David Biňovec, David Herrera, Dominik Schilling, Ella van Durpe, Enchiridion, Evan Mullins, Gary Jones, George Mamadashvili, Greg Ziółkowski, Héctor Prieto, ianmjones, Jb Audras, Jeff Bowen, Joe Dolson, Joen A., John Blackbourn, Jonathan Desrosiers, JuanMa Garrido, Juliette Reinders Folmer, Kai Hao, Kapil Paul, Kerry Liu, Kevin Fodness, Marcus Kazmierczak, Mark-k, Matt, Michael Adams (mdawaffe), Mike Schroder, moch11, Mukesh Panchal, Nik Tsekouras, Paal Joachim Romdahl, Pascal Birchler, Paul Bearne, Paul Biron, Peter Wilson, Petter Walbø Johnsgård, Radixweb, Rahul Mehta, ramonopoly, ravipatel, Riad Benguella, Robert Anderson, Rodrigo Arias, Sanket Chodavadiya, Sergey Biryukov, Stephen Bernhardt, Stephen Edgar, Steve Henty, terraling, Timothy Jacobs, tmatsuur, TobiasBg, Tonya Mork, Toro_Unit (Hiroshi Urabe), Vlad T, wb1234, and WFMattR.