Get priority WP Support NOW and immediate help for HACKED, INFECTED, CRASHED, LOCKED-OUT, NOT-WORKING sites!

WordPress 4.9.1 Security and Maintenance Release

WordPress 4.9.1 Security and Maintenance Release

WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. WordPress versions 4.9 and earlier are affected by 4 security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1:

  • Use a properly generated hash for the newbloguser key instead of a determinate substring.
  • Add escaping to the language attributes used on HTML elements.
  • Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
  • Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

A small number of bugs have been identified which are impactful enough that the core team has decided to release 4.9.1 with fixes for those issues. Particularly of note were:

  • Issues relating to the caching of theme template files.
  • A MediaElement JavaScript error preventing users of certain languages from being able to upload media files.
  • The inability to edit theme and plugin files on Windows-based servers.

ASK US ANYTHING WORDPRESS RELATED: We can offer you confidently, SEVERAL OPTIONS to choose which one suits your needs better.

The issues that have been fixed are:

  1. #42573: File caching affecting users’ ability to use the plugin and theme file editors.
  2. #42574: MediaElement upgrade causing JS errors when certain languages are in use.
  3. #42579: Incorrect logic in extract_from_markers().
  4. #42454: Unable to translate Codex URL in theme editor.
  5. #42609: Theme editor cannot edit files when running on a Windows server.
  6. #42628: flatten_dirlist() doesn’t play nice with folders with numeric names.
  7. #42634: DB_HOST socket paths with colons not parsed correctly.
  8. #42641: On multisite upgrade the wp_blog_versions table doesn’t get updated
  9. #42673: Themes page throws console error when there is only one installed theme.
  10. In addition, one fix for a bug introduced in WordPress 4.7 will be included in 4.9.1:
    • #42242: lang attribute in the admin area doesn’t reflect a user’s language setting.

Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!

Related Posts