WordPress 4.9.1 was released on November 29 and is a security update. The update fixes four security issues for all versions of WordPress since 3.7. The vulnerabilities could be exploited as part of a multi-vector attack.
The update implements four methods of preventing these kinds of attacks:
- Use a properly generated hash for the newbloguser key instead of a determinate substring.
- Add escaping to the language attributes used on html elements.
- Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
- Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.
Beside the security fixes also 11 bugs were fixed. One of the fixed bugs was the issues related to the caching of theme files and also the issue with the inability to edit theme and plugin files on Windows based servers was solved.
Remember to create a backup before installing updates.
(Beitragsbild von monsitj)
