Let’s update! WordPress 5.4.1 is now available for the general public to test. The update rolled out yesterday as a Security and Maintenance Release. The release is for all the previous versions of WordPress. Therefore, we recommend you have this update first tested and then applied to your WordPress site without any delay. All versions since v3.7 have also been updated.
The WordPress 5.4.1 Security and Maintenance release includes 17 bug fixes and 7 security fixes. The update is crucial as it includes security updates. So, go ahead and test right away!
You can either directly download WordPress 5.4.1 Security and Maintenance Release or venture over to Dashboard > Updates and simply click “Update Now”. Check out some of the easiest ways to update WordPress. Websites that support automatic background updates are already beginning to update to v5.4.1.
Security Issues fixed in WordPress 5.4.1
- Password reset tokens were not properly invalidated
- Certain private posts viewed unauthenticated
- An XSS issue in the Customizer
- Issue in the search block
- An XSS issue in wp-object-cache
- An XSS issue in file uploads
- Stored XSS vulnerability in the WordPress customizer
According to the official announcement post, WordPress 5.4.1 Security and Maintenance release is a short-cycle release and the next major release is going to be WordPress 5.5.
You can check out the full list of changelog to learn more about the changes in this release.