Subject: CVS commit: pkgsrc/www/php-ja-wordpress
From: Ryo ONODERA
Date: 2014-12-06 04:19:49
Message id: 20141206031949.9EF6098@cvs.netbsd.org
Log Message:
Update to 4.0.1
Changelog:
WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (We don't support older versions, so please update to 4.0.1 for the latest and greatest.)

WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues:

- Three cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbourn of the WordPress security team.
- A cross-site request forgery that could be used to trick a user into changing their password.
- An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.
- Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).
- An extremely unlikely hash collision could allow a user's account to be compromised, that also required that they haven't logged in since 2008 (I wish I were kidding). Reported by David Anderson.
- WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavković of ManageWP.

Version 4.0.1 also fixes 23 bugs with 4.0, and we've made two hardening changes, including better validation of EXIF data we are extracting from uploaded photos. Reported by Chris Andrè Dale.

We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 4.0.1 or venture over to Dashboard -> Updates and simply click “Update Now”.
Files: