WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. WordPress versions 4.9 and earlier are affected by 4 security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1:
- Use a properly generated hash for the newbloguser key instead of a determinate substring.
- Add escaping to the language attributes used on HTML elements.
- Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
- Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.
A small number of bugs have been identified which are impactful enough that the core team has decided to release 4.9.1 with fixes for those issues. Particularly of note were:
- Issues relating to the caching of theme template files.
- A MediaElement JavaScript error preventing users of certain languages from being able to upload media files.
- The inability to edit theme and plugin files on Windows-based servers.
The issues that have been fixed are:
- #42573: File caching affecting users’ ability to use the plugin and theme file editors.
- #42574: MediaElement upgrade causing JS errors when certain languages are in use.
- #42579: Incorrect logic in `extract_from_markers()`.
- #42454: Unable to translate Codex URL in theme editor.
- #42609: Theme editor cannot edit files when running on a Windows server.
- #42628: `flatten_dirlist()` doesn’t play nice with folders with numeric names.
- #42634: `DB_HOST` socket paths with colons not parsed correctly.
- #42641: On multisite upgrade the `wp_blog_versions` table doesn’t get updated.
- #42673: Themes page throws console error when there is only one installed theme.
In addition, one fix for a bug introduced in WordPress 4.7 will be included in 4.9.1:
- #42242: `lang` attribute in the admin area doesn’t reflect a user’s language setting.