WordPress 5.1.1 Security and Maintenance Release
WordPress 5.1.1 is now available, since Tuesday night, March 12, 2019. This is a security and maintenance release that addresses 14 bugs. We strongly encourage you to update your sites immediately. The primary focus of this release was on security improvements and changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.
This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting. WordPress versions 5.1 and earlier are affected by these bugs, which are fixed in version WordPress 5.1.1 Security and Maintenance Release. Updated versions of WordPress 5.0 and earlier are also available for any users who have not yet updated to 5.1.
|Ticket||WordPress 5.1.1 Security and Maintenance Release Summary||Type||Component|
|#46065||Add possibility to set a higher recommended php version for the “Update PHP notice”||enhancement||General|
|#46074||Provide way for hosts to create a correctly labeled button or link to directly upgrade PHP||enhancement||General|
|#46277||Remove trailing space from strings||defect (bug)||I18N|
|#46295||Build: Minify images||task (blessed)||Build/Test Tools|
|#46300||Return type/value of get_site is not being checked in wp_insert_site||enhancement||Networks and Sites|
|#46319||5.1 About page invalid HTML||defect (bug)||Help/About|
|#46335||Custom HTML Issues||defect (bug)||Widgets|
|#46351||Properly re-fill the `$meta` param of deprecated `wpmu_new_blog` action||defect (bug)||Networks and Sites|
|#46368||Drop background on #menu-management on Admin Menus screen||defect (bug)||Menus|