WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.
An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.
Activity slowed down in December in the WordPress community, particularly in the last two weeks. However, the month started off with a big event and work still pushed forward in a number of key areas of the project. Read on to find out more about what transpired in the WordPress community as 2017 came to a close.
WordCamp US 2017 Brings the Community Together
For many years, we’ve invited folks to tell us how they use WordPress by filling out an annual survey. In the past, interesting results from this survey have been shared in the annual State of the Word address. This year, for the first time, the results of the 2017 survey are being published on WordPress News, along with the results of the 2015 and 2016 survey.
So that information from the survey doesn’t reveal anything that respondents might consider private, we do not publish a full export of the raw data. We’d love to make this information as accessible as possible, though, so if you have a suggestion for an OS project or tool we can put the data into that allows people to play with it that still protects individual response privacy, please leave a comment on this post!
The WordPress project recently released WordPress 4.9, “Tipton” — a new major release named in honor of musician and band leader Billy Tipton. Read on to find out more about this and other interesting news from around the WordPress world in November.
WordPress 4.9 “Tipton”
WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.
WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team’s ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1:
Major Customizer Improvements, Code Error Checking, and More! 🎉
The third release candidate for WordPress 4.9 is now available.
A release candidate (RC) means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. In fact, we did miss some things in RC1 and RC2. This third release candidate was not originally scheduled, but due a number of defects uncovered through your testing of RC2 (thank you!), we are putting out another 4.9 release candidate.
The second release candidate for WordPress 4.9 is now available.
A release candidate (RC) means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.9 on Tuesday, November 14 (just over one week from now), but we need your help to get there. If you haven’t tested 4.9 yet, now is the time!
While this month we focused on building new features for WordPress core, we advanced other areas of the project too. Read on to learn more about what the WordPress project accomplished during the month of October.
Take the 2017 Annual WordPress User Survey
WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara.