The WordPress developers have just released version 4.6.1, which fixes two dangerous vulnerabilities and also corrects 15 bugs introduced in the latest release. The WordPress blog reports:
From the WordPress 4.6.1 release post: WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.
As always, I recommend backing up WordPress before performing the update.
Because of the security fixes included in this release, all users are strongly advised to update as soon as possible.
WordPress 4.6.1 Changelog: list of fixed bugs
Bootstrap/Load
#37680 – PHP Warning: ini_get_all() has been disabled for security reasons
Database
#37683 – $collate and $charset can be undefined in wpdb::init_charset()
#37689 – Issues with utf8mb4 collation and the 4.6 update
Editor
#37690 – Backspace causes jumping
#37736 – Emails fail on certain server setups
External Libraries
#37700 – Warning: curl_exec() has been disabled for security reasons (Requests library)
#37720 – The minified version of the Masonry shim was not updated in #37666 (Masonry library)
HTTP API
#37733 – cURL error 3: malformed for remote requests
#37768 – HTTP API no longer accepts integer and float values for the cookies argument
Post Thumbnails
#37697 – Strange behavior with thumbnails on preview in 4.6
Script Loader
#37800 – Close “link rel” dns-prefetch tag
Taxonomy
#37721 – Improve error handling of is_object_in_term in taxonomy.php
Themes
#37755 – Visual Editor: Weird unicode (Vietnamese) characters display on WordPress 4.6
TinyMCE
#37760 – Problem with RTL
Upgrade/Install
#37731 – Infinite loop in _wp_json_sanity_check() during plugin install
Full WordPress 4.6.1 changelog, including the list of files that were modified.