WordPress 4.9.1 Security and Maintenance Release
- Use a properly generated hash for the newbloguser key instead of a determinate substring.
- Add escaping to the language attributes used on HTML elements.
- Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
A small number of bugs have been identified which are impactful enough that the core team has decided to release 4.9.1 with fixes for those issues. Particularly of note were:
- Issues relating to the caching of theme template files.
- The inability to edit theme and plugin files on Windows-based servers.
Enjoy a headache-free WordPress!
WHY HESITATE? Your business niche won't! Your competition won't! YOUR ATTACKERS WON'T.
The issues that have been fixed are:
- #42573: File caching affecting users’ ability to use the plugin and theme file editors.
- #42574: MediaElement upgrade causing JS errors when certain languages are in use.
- #42579: Incorrect logic in
- #42454: Unable to translate Codex URL in theme editor.
- #42609: Theme editor cannot edit files when running on a Windows server.
flatten_dirlist()doesn’t play nice with folders with numeric names.
DB_HOSTsocket paths with colons not parsed correctly.
- #42641: On multisite upgrade the
wp_blog_versionstable doesn’t get updated
- #42673: Themes page throws console error when there is only one installed theme.
- In addition, one fix for a bug introduced in WordPress 4.7 will be included in 4.9.1:
langattribute in the admin area doesn’t reflect a user’s language setting.
Protect your WordPress!
BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business.