WordPress 4.9.5 Security and Maintenance Release is now available for download. This maintenance and security release was issued by WordPress and is for all the previous versions. WordPress suggests strongly that you have this update applied to your WordPress website without delay and so do we.
WordPress versions 4.9.4 and earlier versions were affected by three security issues. Below are the three security hardening changes included in WordPress 4.9.5:
- Don’t treat localhost as the same host by default.
- Use safe redirects when redirecting the login page if SSL is forced.
- Make sure the version string is correctly escaped for use in generator tags.
Aaron D. Campbell from the WordPress Development Team has thanked the reporters of these issues for practicing responsible security disclosure: xknown, Nitin Venkatesh (nitstorm), and Garth Mortensen.
Other than that, WordPress 4.9.5 Security and Maintenance Release has included 25 bug fixes. Some of which are:
- The previous styles on caption shortcodes have been restored.
- Cropping on touchscreen devices is now supported.
- A variety of strings such as error messages have been updated for better clarity.
- The position of an attachment placeholder during uploads has been fixed.
- Improved compatibility with PHP 7.2.
You can check out the full list of changelog to learn more about the changes in WordPress 4.9.5.
You can download WordPress 4.9.5 Security and Maintenance Release or venture over to Dashboard > Updates and simply click “Update Now.”
Websites that support automatic background updates are already beginning to update to WordPress 4.9.5.
Aaron has also thanked everyone who were involved in contributing WordPress 4.9.5.