Navigation:
Browse pkgsrc
(this page) 2018-07-07 04:55:25 by Wen Heping | Files touched by this commit (2) |  |
Log message:
Update to 4.9.7
Upstream changes:
WordPress 4.9.7 is now available. This is a security and maintenance release for \
all versions since WordPress 3.7. We strongly encourage you to update your sites \
immediately.
WordPress versions 4.9.6 and earlier are affected by a media issue that could \
potentially allow a user with certain capabilities to attempt to delete files \
outside the uploads directory.
Thank you to Slavco for reporting the original issue and Matt Barry for \
reporting related issues.
Seventeen other bugs were fixed in WordPress 4.9.7. Particularly of note were:
Taxonomy: Improve cache handling for term queries.
Posts, Post Types: Clear post password cookie when logging out.
Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.
Community Events Dashboard: Always show the nearest WordCamp if one is \
coming up, even if there are multiple Meetups happening first.
Privacy: Make sure default privacy policy content does not cause a fatal \
error when flushing rewrite rules outside of the admin context.
|
| 2018-07-04 15:40:45 by Jonathan Perkin | Files touched by this commit (423) |
Log message: *: Move SUBST_STAGE from post-patch to pre-configure Performing substitutions during post-patch breaks tools such as mkpatches, making it very difficult to regenerate correct patches after making changes, and often leading to substituted string replacements being committed. |
| 2018-05-18 16:22:40 by John Klos | Files touched by this commit (2) |
Log message: Update to 4.9.6, which is a privacy and maintenance release: https://wordpress.org/news/2018/05/wordpress-4-9-6-privacy-and-maintenance-release/ |
| 2018-04-16 12:22:10 by Daniel Horecki | Files touched by this commit (2) | |
Log message: Update to version 4.9.5. This maintenance release fixes 28 bugs in 4.9, including fixes for Customizer, \ media library, error notices, and some security fixes. Twenty Seventeen bundled \ theme and Hello Dolly bundled plugin have also been updated. WordPress versions 4.9.4 and earlier are affected by three security issues. More changes at https://codex.wordpress.org/Version_4.9.5. |
| 2018-02-12 09:33:19 by John Klos | Files touched by this commit (2) |
Log message: Update Wordpress to 4.9.4 which fixes an issue introduced in 4.9.3. 4.9.3 fixes 34 bugs: https://codex.wordpress.org/Version_4.9.3 https://codex.wordpress.org/Version_4.9.4 |
| 2018-01-20 12:58:01 by Daniel Horecki | Files touched by this commit (3) |
Log message: Update to version 4.9.2 CHanges: XSS fixed in the Flash fallback files in MediaElement 4.x. Bundled Theme #42820 - Twenty Seventeen -watch that language Customize #42492 - Selecting menu location changes line height #42871 - Features box textstrings in Feature Filter area need new linebreak Database #42812 - Use MySQLi when available by default Editor #42664 - Editor link autocomplete suggestions: no fallback title displayed for \ posts with no title #43012 - Cannot Update Post in Firefox Due to Editor and TinyMCE JavaScript \ TypeErrors External Libraries #42439 - Update random_compat external library for PHP 7 linting failure Formatting #42578 - PHP functions inside <p> tags creates new <p> tag, breaking \ the parent tag into two. Media #42225 - Whitelist Flac Files #42447 - Mark test_remove_orientation_data_on_rotate as skipped when \ exif_read_data isn't available #42480 - Consistent suppression of `getimagesize()` errors #42720 - Remove unnecessary MediaElement.js files Plugins #43082 - Add plugins search results: the plugin details modal opens in the \ thickbox modal REST API #42828 - Hard-coded 403 status in REST response should use \ `rest_authorization_required_code()` Taxonomy #42771 - WP_Term::get_instance() regression for non-category terms queried with \ 'category' taxonomy #42605 - category_description() does not work properly since 4.9 #42717 - get_category_link() accepting object but not id TinyMCE #42416 - Code assumes iframe mode, exception in inline mode Upgrade/Install #42963 - Improve deletion of $_old_files during upgrades Widgets #42603 - Widgets Warning after activating theme and on dashboard widgets page #42719 - Always attempt to restore widgets' previous assignment #42867 - HTML Widget: toggleClass() should be passed true/false as second param |
| 2017-12-03 18:06:37 by Daniel Horecki | Files touched by this commit (3) |
Log message: Update to newest version, 4.9.1 This version fixes 4 security bugs from earlier versions. For details, head to https://codex.wordpress.org/Version_4.9.1 For 4.9 changes, head to https://codex.wordpress.org/Version_4.9 |
| 2017-11-03 10:49:13 by Daniel Horecki | Files touched by this commit (3) | |
Log message: Security update to version 4.8.3. WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara. |
| 2017-09-21 21:24:46 by Daniel Horecki | Files touched by this commit (2) | |
Log message: Security update to version 4.8.2 Security issues: - $wpdb->prepare() can create unexpected and unsafe queries leading to \ potential SQL injection (SQLi). WordPress core is not directly vulnerable to \ this issue, but we’ve added hardening to prevent plugins and themes from \ accidentally causing a vulnerability. Reported by Slavco. - A cross-site scripting (XSS) vulnerability was discovered in the oEmbed \ discovery. Reported by xknown of the WordPress Security Team. - A cross-site scripting (XSS) vulnerability was discovered in the visual \ editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security. - A path traversal vulnerability was discovered in the file unzipping code. \ Reported by Alex Chapman (noxrnet). - A cross-site scripting (XSS) vulnerability was discovered in the plugin \ editor. Reported by 陈瑞琦 (Chen Ruiqi). - An open redirect was discovered on the user and term edit screens. Reported by \ Yasin Soliman (ysx). - A path traversal vulnerability was discovered in the customizer. Reported by \ Weston Ruter of the WordPress Security Team. - A cross-site scripting (XSS) vulnerability was discovered in template names. \ Reported by Luka (sikic). - A cross-site scripting (XSS) vulnerability was discovered in the link modal. \ Reported by Anas Roubi (qasuar). And 6 other fixes: * Emoji - #41584 - Upgrade Twemoji to 2.5.0 - #41852 - Fix UN flag test by returning the correct value. *I18N - #41794 - Support numbers in locales during installation * Security - #13377 - Add more sanitization in _cleanup_header_comment *Widgets - #41596 - New Text Widget recognizes HTML but does not render it in the front end - #41622 - Text widget can show DOMDocument::loadHTML() warnings in admin when \ is_legacy_widget method is called More on https://codex.wordpress.org/Version_4.8.2 |
| 2017-09-06 11:03:07 by Thomas Klausner | Files touched by this commit (86) |
Log message: Follow some redirects. |
New packages: