WordPress 4.4.2 is a security fix release and strongly recommended. It fixes two security issues: A possible SSRF (Server Side Request Forgery) for certain local URLs and an open redirection attack. Also 17 bug fixes are included.
Here is an overview of the bug fixes:
- wp_list_comments ignores $comments parameter
- 4.4 Regression on Querying for Comments by Multiple Post Fields
- Comments_clauses filter
- ’networks› should be global cache group
- Images with latin extended characters in exif (slovak/czech) are missing thumbnails
- Using libsodium for random bytes breaks plugin update in WP 4.4
- Strange pagination issue on front page after 4.4.1 update
- Customizer should not try to return to the login screen
- Error in SQL syntax search page
- Default URL for emoji images should be always https
- Incorrect comment ordering when comment threading is turned off
- Taxonomies Quick Edit: prevent page reload when submitting
- per_page parameter no longer works in wp_list_comments
- ModSecurity2 blocks Potential Obfuscated Javascript in outbound anomaly
- Incorrect comment pagination when comment threading is turned off
- update_term_cache and deleting object_id
- Button to delete inactive widgets is displayed on inactive sidebars
A more detailed list of changes can you see here.
Don’t forget to keep your WordPress installation up to date and backup before you press the button.
