Subject: CVS commit: pkgsrc/www/wordpress
From: Daniel Horecki
Date: 2020-05-03 14:00:03
Message id: 20200503120004.1469AFB27@cvs.NetBSD.org
Log Message:
Update to version 5.4.1.
Changes for 5.4:
Too much to include here, visit https://wordpress.org/support/wordpress-version/version-5-4/
Changes for 5.4.1:
Six security issues affect WordPress versions 5.4 and earlier; version 5.4.1 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.
- Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated
- Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated
- Props to Evan Ricafort for discovering an XSS issue in the Customizer
- Props to Ben Bidner from the WordPress Security Team who discovered an XSS issue in the search block
- Props to Nick Daugherty from WPVIP.com / WordPress Security Team who discovered an XSS issue in wp-object-cache
- Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads.
- Additionally, an authenticated XSS issue in the block editor was discovered by Nguyen the Duc in WordPress 5.4 RC1 and RC2. It was fixed in 5.4 RC5. We wanted to be sure to give credit and thank them for all of their work in making WordPress more secure.
WordPress 5.4.1 also fixes some regressions introduced in version 5.4:
#49838 – Accessibility: Fix the headings hierarchy on the Freedoms page
#49798 – Customize: Give the WordPress logo a white background for dark mode browsers
#49853 – Mail: Make the check for empty post title in wp-mail.php more resilient
#49753 – Media: Remove display: none; from the (visually hidden) <input type="file"> button used in Plupload to select files for uploading. Fixes selecting files in Edge <= 44 and iOS Safari
#49772 – Privacy: Support additional elements (table, ol, ul) in privacy policy guide new styling
#49802 – Privacy: Make the deprecated wp_get_user_request_data() function available on front end
#49645 – REST API: Fix revisions controller get_item permission check
#49648 – REST API: Fix _fields filtering of registered rest fields
#49824 – Site Health: Instantiation prevents use of some hooks by plugins
#49759 – Taxonomy: Un-deprecate category_link and tag_link filters
#49974 – Block Editor updates
Files: