Scroll Top

WordPress 4.9.1 Security and Maintenance Release

By Csaba, Miklós WP Maintenance WP Security WP SERVICES 2 December 2017

WORDPRESS 4.9.1 SECURITY AND MAINTENANCE RELEASE

WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. WordPress versions 4.9 and earlier are affected by 4 security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team’s ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1:

  • Use a properly generated hash for the newbloguser key instead of a determinate substring.
  • Add escaping to the language attributes used on HTML elements.
  • Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
  • Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

A small number of bugs have been identified which are impactful enough that the core team has decided to release 4.9.1 with fixes for those issues. Particularly of note were:

  • Issues relating to the caching of theme template files.
  • A MediaElement JavaScript error preventing users of certain languages from being able to upload media files.
  • The inability to edit theme and plugin files on Windows-based servers.

ASK US ANYTHING WORDPRESS RELATED: We can offer you confidently, SEVERAL OPTIONS to choose which one suits your needs better.

WP Consulting

The issues that have been fixed are:

  1. #42573: File caching affecting users’ ability to use the plugin and theme file editors.
  2. #42574: MediaElement upgrade causing JS errors when certain languages are in use.
  3. #42579: Incorrect logic in extract_from_markers().
  4. #42454: Unable to translate Codex URL in theme editor.
  5. #42609: Theme editor cannot edit files when running on a Windows server.
  6. #42628: flatten_dirlist() doesn’t play nice with folders with numeric names.
  7. #42634: DB_HOST socket paths with colons not parsed correctly.
  8. #42641: On multisite upgrade the wp_blog_versions table doesn’t get updated
  9. #42673: Themes page throws console error when there is only one installed theme.
  10. In addition, one fix for a bug introduced in WordPress 4.7 will be included in 4.9.1:
    • #42242: lang attribute in the admin area doesn’t reflect a user’s language setting.

Protect your WordPress: BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!

WP Security

Related Posts

WP SECURITY
WP Security: 3 theme vulnerabilities in NOV 2018

WP Security bulletin – NOVEMBER 2018 At your next scheduled WordPress Maintenance, be advised for your WP Security about the latest 3 vulnerabilities in WordPress themes identified and reported publicly during. As these vulnerabilities are disclosed, when you use one (or more) of these outdated plugins – your risking serious…

09 Jan 2019
SUDDEN DROP
Sudden Drop in Website Traffic

If you look at your analytic reports and see a sudden and constantly dropping trend in your website traffic, then it could be a sign that your WordPress site is hacked. There are some common tell-tale signs that should help you figure out if your WordPress site is compromised. No…

28 Jul 2017
THEMES VULNERABILITY 2022
WP Themes vulnerability DEC 2022: 3 premium risks
12 Dec 2022
WP SECURITY PLUGIN VULNERABILITIES
44 WP Security Plugin Vulnerabilities JUL 2022 Threat
18 Jul 2022
2018
Best of 2018 from WordPress Services blog

Best of 2018 from WordPress Services blog Best of 2018 from WordPress Services blog meant readers being the most interested in these post: JANUARY: Inconceivably Modern WordPress Backup Myths and Legends FEBRUARY: Achieve HIGHER Conversion Rates and ROI for your Referral links with owl URL’s OVERLAY PAGES feature MARCH: WordPress…

14 Feb 2019
BLOG PICTURE 256 4 1
What is preventative WP maintenance?

”We sell WordPress as “easy” and it is easy to a point… The expectation is that everything is that simple. However, behind the WordPress dashboard are PHP, CSS, and JavaScript code files that connect to a MySQL database.” Code Poet ~ Locking Down WordPress What is preventative maintenance? We can…

28 Mar 2016
THEMES VULNERABILITY 2022
WP Themes vulnerability JUN 2023: 27 premium risks
05 Jun 2023
BLOG PICTURE 256 1 1
Why should you let us do the maintenance?

”We sell WordPress as “easy” and it is easy to a point… The expectation is that everything is that simple. However, behind the WordPress dashboard are PHP, CSS, and JavaScript code files that connect to a MySQL database.” Code Poet ~ Locking Down WordPress Why should you let us do…

28 Mar 2016
NOVEMBER
Best of WordPress Services blog 2018 – November

Best of WordPress Services blog 2018 – November WordPress Services blog posts from 2018 – November meant readers being interested in WP Services and mental barrier subjects. TOP 3 Most viewed and shared posts are: Fear Of Failure – A MENTAL BARRIER HURTING YOUR BUSINESS Hyper Guide: MENTAL BARRIERS HURTING…

11 Feb 2019
WORDPRESS LOGO
WordPress 4.9.2 Security and Maintenance Release

WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files…

22 Jan 2018
WP SECURITY
WP Security: 27 plugin vulnerabilities in November

For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: Qards Stored Cross-Site Scripting (XSS) + Server Side Request Forgery (SSRF) reported by theMiddle https://mobile.twitter.com/Menin_TheMiddle. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web…

04 Dec 2017
EASY PEASY
Easy-peasy WordPress Hacking

Back in 2013, a web publishing company, Interconnect/IT, released a handy tool for finding and replacing text in a website’s database. This tool, a stand-alone file published as “searchreplacedb2.php”, includes built-in WordPress compatibility that makes working with WordPress databases a breeze. Unfortunately, since the first public version, it did not…

27 Jul 2017
WP SECURITY PLUGIN VULNERABILITIES
44 WP Security Plugin Vulnerabilities MAY 2023
22 May 2023
THEMES VULNERABILITY 2022
WP Theme CVE JUL 2024: 59 Premium Hack risk
14 Jul 2024
WP SECURITY
WP Security: 21 plugin vulnerabilities in March 2019

WP Security bulletin – March 2019 At your next scheduled WordPress Maintenance, be advised for your WP Security about the latest 21 vulnerabilities in WordPress plugins identified and reported publicly. As these vulnerabilities are disclosed, when you use one (or more) of these outdated plugins – your risking serious WordPress…

09 Apr 2019
owlpower.eu
owlpower.eu
owlpower.eu
16+ years of owlsome experience
We're on an empowering mission for website owners, who desire not to be transformed forcefully into IT experts.