Fellow WordPressers! A brand new version of WordPress is here. WordPress 5.4.2 Security and Maintenance Release is now available for the public to test. This update was released yesterday and includes 23 bug fixes and enhancements. The release is for all the previous versions of WordPress. Therefore, we recommend you have this update first tested and then applied to your WordPress site.
The WordPress 5.4.2 Security and Maintenance release includes a total of 23 enhancements and also features a handful of security fixes.
You can either directly download WordPress 5.4.2 Security and Maintenance Release or venture over to Dashboard > Updates and simply click “Update Now”. Websites that support automatic background updates are already beginning to update to v5.4.2.
Security Issues fixed in WordPress 5.4.2
- An open redirect issue in wp_validate_redirect().
- An authenticated XSS issue via theme uploads.
- Issue where set-screen-option can be misused by plugins leading to privilege escalation.
- Comments from password-protected posts and pages could be displayed under certain conditions.
According to the official announcement post, WordPress 5.4.2 Security and Maintenance release is a short-cycle release and the next major release is going to be WordPress 5.5.
You can check out the full list of changelog to learn more about the changes in this release.
WordPress 5.4.1 Security and Maintenance Release