WordPress har uppdaterat sin CMS-lösning till version 4.9.5 – en version som innehåller flera viktiga säkerhetsuppdateringar.
Sitter du med en äldre version, 4.9.3, bör du var uppmärksam på att du kan behöva uppdatera manuellt då det fanns/finns en bugg i dem versionen där automatiska uppdateringar inte fungerar.
I senare versioner så är den buggen åtgärdad.
WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.
WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team’s ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5:
- Don’t treat
localhost
as same host by default.- Use safe redirects when redirecting the login page if SSL is forced.
- Make sure the version string is correctly escaped for use in generator tags.
Thank you to the reporters of these issues for practicing coordinated security disclosure: xknown of the WordPress Security Team, Nitin Venkatesh (nitstorm), and Garth Mortensen of the WordPress Security Team.
0 kommentarer