Subject: CVS commit: pkgsrc/www/wordpress
From: Daniel Horecki
Date: 2020-11-01 16:06:09
Message id: 20201101150609.1E2C9FB28@cvs.NetBSD.org

Log Message:
Security and maintenance update to version 5.5.3.

5.5.3:

This maintenance release fixes an issue introduced in WordPress 5.5.2
which makes it impossible to install WordPress on a brand new website
that does not have an existing database connection configuration.
This release does not affect sites where a database connection is
already configured, for example, via one-click installers or
an existing wp-config.php file.

5.5.2:

Security updates:
- Props to Alex Concha of the WordPress Security Team for their work in
  hardening deserialization requests.
- Props to David Binovec on a fix to disable spam embeds from disabled sites on
  a multisite network.
- Thanks to Marc Montas from Sucuri for reporting an issue that could lead to
  XSS from global variables.
- Thanks to Justin Tran who reported an issue surrounding privilege escalation
  in XML-RPC. He also found and disclosed an issue around privilege escalation
  around post commenting via XML-RPC.
- Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
- Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in
  post slugs.
- Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a
  method to bypass protected meta that could lead to arbitrary file deletion.
- And a special thanks to @zieladam who was integral in many of the releases and
  patches during this release.

Maintenance updates:
#51130 Events displayed in venue timezone instead of user’s
#51659 Update Gutenberg Dependencies for WordPress 5.5.2
#50861 Remove Facebook and Instagram as an oEmbed Source
#50903 Set the local environment to a development environment type by default
#50949 Posts show wrong time when user is in a different time zone than the site’s
#51053 Video Embeds set to align left disappear in Gutenberg editor
#51175 Wrong reply box title
#51219 Theme editor page showing undefined variable notice
#51251 Fix PHP notice when opening the edit image popup
#51263 PHP warning when editing comments in the administration comment edit screen
#51320 PHP Notice while moving post to trash (post_type has 2 registered
       taxonomies both with default_term set)
#51400 Undefined index during automatic plugin/theme updates
#51595 Unable to make anonymous comments via XML-RPC
#51645 Undefined index: echo in core files

Files:
Revision  Action  file
1.95      modify  pkgsrc/www/wordpress/Makefile
1.77      modify  pkgsrc/www/wordpress/distinfo