Subject: CVS commit: pkgsrc/www/wordpress
From: Daniel Horecki
Date: 2020-05-03 14:00:03
Message id: 20200503120004.1469AFB27@cvs.NetBSD.org

Log Message:
Update to version 5.4.1.

Changes for 5.4:

Too much to include here, visit https://wordpress.org/support/wordpress-version/version-5-4/

Changes for 5.4.1:

Six security issues affect WordPress versions 5.4 and earlier; version 5.4.1 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

- Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated
- Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated
- Props to Evan Ricafort for discovering an XSS issue in the Customizer
- Props to Ben Bidner from the WordPress Security Team who discovered an XSS issue in the search block
- Props to Nick Daugherty from WPVIP.com / WordPress Security Team who discovered an XSS issue in wp-object-cache
- Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads.
- Additionally, an authenticated XSS issue in the block editor was discovered by Nguyen the Duc in WordPress 5.4 RC1 and RC2. It was fixed in 5.4 RC5. We wanted to be sure to give credit and thank them for all of their work in making WordPress more secure.

WordPress 5.4.1 also fixes some regressions introduced in version 5.4:

#49838 – Accessibility: Fix the headings hierarchy on the Freedoms page
#49798 – Customize: Give the WordPress logo a white background for dark mode browsers
#49853 – Mail: Make the check for empty post title in wp-mail.php more resilient
#49753 – Media: Remove display: none; from the (visually hidden) <input type="file"> button used in Plupload to select files for uploading. Fixes selecting files in Edge <= 44 and iOS Safari
#49772 – Privacy: Support additional elements (table, ol, ul) in privacy policy guide new styling
#49802 – Privacy: Make the deprecated wp_get_user_request_data() function available on front end
#49645 – REST API: Fix revisions controller get_item permission check
#49648 – REST API: Fix _fields filtering of registered rest fields
#49824 – Site Health: Instantiation prevents use of some hooks by plugins
#49759 – Taxonomy: Un-deprecate category_link and tag_link filters
#49974 – Block Editor updates

Files:
Revision  Action  File
1.92      modify  pkgsrc/www/wordpress/Makefile
1.43      modify  pkgsrc/www/wordpress/PLIST
1.74      modify  pkgsrc/www/wordpress/distinfo