Scroll Top

WordPress 4.9.1 Security and Maintenance Release

By Csaba, Miklós WP Maintenance WP Security WP SERVICES 2 December 2017

WORDPRESS 4.9.1 SECURITY AND MAINTENANCE RELEASE

WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. WordPress versions 4.9 and earlier are affected by 4 security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1:

  • Use a properly generated hash for the newbloguser key instead of a determinate substring.
  • Add escaping to the language attributes used on HTML elements.
  • Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
  • Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

A small number of bugs have been identified which are impactful enough that the core team has decided to release 4.9.1 with fixes for those issues. Particularly of note were:

  • Issues relating to the caching of theme template files.
  • A MediaElement JavaScript error preventing users of certain languages from being able to upload media files.
  • The inability to edit theme and plugin files on Windows-based servers.

ASK US ANYTHING WORDPRESS RELATED: We can offer you confidently, SEVERAL OPTIONS to choose which one suits your needs better.

WP Consulting

The issues that have been fixed are:

  1. #42573: File caching affecting users’ ability to use the plugin and theme file editors.
  2. #42574: MediaElement upgrade causing JS errors when certain languages are in use.
  3. #42579: Incorrect logic in extract_from_markers().
  4. #42454: Unable to translate Codex URL in theme editor.
  5. #42609: Theme editor cannot edit files when running on a Windows server.
  6. #42628: flatten_dirlist() doesn’t play nice with folders with numeric names.
  7. #42634: DB_HOST socket paths with colons not parsed correctly.
  8. #42641: On multisite upgrade the wp_blog_versions table doesn’t get updated
  9. #42673: Themes page throws console error when there is only one installed theme.
  10. In addition, one fix for a bug introduced in WordPress 4.7 will be included in 4.9.1:
    • #42242: lang attribute in the admin area doesn’t reflect a user’s language setting.

Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!

WP Security

Related Posts

JANUARY
Best of WordPress Services blog 2018 – January

Best of WordPress Services blog 2018 – January WordPress Services blog posts from 2018 – January meant readers being interested in WP Backup subjects. TOP 3 Most viewed and shared posts are: Why You Need a WordPress Backup Service and NOT JUST a Plugin Recurrent WordPress Backup stored online In…

23 Jan 2019
WPS
WordPress 4.8.1

The new WordPress 4.8.1 maitenance update contains 29 maintenance fixes and enhancements to the 4.8 release series. Changes worth mentioning are: fixes to the rich Text widget and the introduction of the Custom HTML widget. Administration #40982 – Permalink Settings: custom structure field keyboard trap Build/Test Tools #41327 – Bump…

07 Aug 2017
HACKING
7 Signs Your WordPress Security is Hacked [infographic]

7 Signs Your WordPress Security is Hacked Finding yourself asking “Is my WordPress website hacked?” means you’ll seek some quick and urgent answers. In this post, we cover seven signs of infection and what to do if you find you’ve been hacked. The faster you discover the signs of a…

26 Mar 2019
UNDER CONSTRUCTION
WP Maintenance disaster – Stuck in Maintenance Mode

WP Maintenance disaster Stuck in Maintenance Mode Maintenance Mode is a built-in function that briefly makes your site inaccessible to visitors during updates. This is useful to prevent concerns brought on by users accessing your site in the middle of an upgrade or update. Most of the time, maintenance mode…

21 Mar 2019
THEMES VULNERABILITY 2022
Disempowered WP Security: #1 WP themes vulnerability MAY 2022
11 May 2022
THEMES VULNERABILITY 2022
WP Themes vulnerability FEB 2023: 11 premium risks
07 Feb 2023
WP SECURITY PLUGIN VULNERABILITIES
43 WP Security Plugin Vulnerabilities NOV 2022
04 Nov 2022
THEMES VULNERABILITY 2022
WP Theme CVE MAR 2024: 13 Premium Hack risk
14 Mar 2024
WP SECURITY PLUGIN VULNERABILITIES
9 WP Security Plugin Vulnerabilities JAN 2022 Threat
21 Jan 2022
WP SECURITY PLUGIN VULNERABILITIES
WP Security CVE MAR 2025: 41 public plugin risks
26 Mar 2025
THEMES VULNERABILITY 2022
WP Theme CVE DEC 2023: 24 Premium Hack risk
04 Dec 2023
THEMES VULNERABILITY 2022
WP Theme CVE JAN 2024: 15 Premium Hack risk
08 Jan 2024
WP SECURITY
19 Realistically easy steps towards hardened WordPress Security

19 Realistically easy steps towards hardened WordPress Security WordPress Security should be a standard mentality regarding anything WordPress related. This means, that a few things should start immediately as you decide to have a website. Our first recommendation is: Tip #1 – choose your hosting provider carefully: Use a well-known…

04 Mar 2019
SHIMMERY CHRISTMAS
OH OH OH – WordPress and Christmas: What Could Possibly Go Wrong?

“We do not see things as they are. We see things as we are.” — Rabbi Shemuel ben Nachmani This doesn’t mean that bad things will OR won’t happen to you; it simply means that they occur in a random fashion as part of your everyday life. In the same…

21 Dec 2017
WP SECURITY PLUGIN VULNERABILITIES
14 WP Security Plugin Vulnerabilities MAY 2022 Threat
16 May 2022
owlpower.eu
Top Searches:
infected hacked migrate perfect pagespeed managed monitoring