WordPress 4.9.1 Security and Maintenance Release Now Available!

WordPress 4.9.1 security and maintenance release is now available for download. Since its release on November 15, WordPress 4.9 has been downloaded over 6 million times already.

WordPress 4.9 and earlier versions are affected by four security issues which could be exploited as part of a multi-vector attack:

  • Use a properly generated hash for the newbloguser key instead of a determinate substring.
  • Add escaping to the language attributes used in html
  • Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
  • Remove the ability to upload JavaScript files for users who do not have the unfiltered_html

Eleven other bugs were fixed in WordPress 4.9.1 including some of the issues below:

  • Issues relating to the caching of theme template files.
  • A MediaElement JavaScript error preventing users of certain languages from being able to upload media files.
  • The inability to edit theme and plugin files on Windows-based servers.

John Blackbourn, from the WordPress Development Team, thanked all the reporters of these issues for practicing responsible security disclosure.

Click here for more information about all the issues fixed in WordPress 4.9.1.

You can download WordPress 4.9.1 Security and Maintenance Release or venture over to Dashboard > Updates and simply click “Update Now.”

Websites that support automatic background updates are already beginning to update to WordPress 4.9.1.

John also thanked everyone who contributed to WordPress 4.9.1.

Even though this is only a maintenance release, we advise all of you to update your sites as soon as possible.

 

Source: WordPress.org

Featured Image: WP Elevation

Leave a Reply

Your email address will not be published. Required fields are marked *