Path to this page:
Subject: CVS commit: pkgsrc/www/php-ja-wordpress
From: Takahiro Kambe
Date: 2019-12-16 17:52:40
Message id: 20191216165240.ED8E5FA97@cvs.NetBSD.org
Log Message:
www/php-ja-wordpress: update to 5.3.1
Update php-ja-wordpress from 4.5.3 to 5.3.1.
This release contains these security fixes.
* Props to Daniel Bachhuber for finding an issue where an unprivileged
user could make a post sticky via the REST API.
* Props to Simon Scannell of RIPS Technologies for finding and
disclosing an issue where cross-site scripting (XSS) could be stored
in well-crafted links.
* Props to the WordPress.org Security Team for hardening
wp_kses_bad_protocol() to ensure that it is aware of the named colon
attribute.
* Props to Nguyen The Duc for discovering a stored XSS vulnerability
using block editor content.
For more detail about version 5.3.1, please refer
<https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/>
And changes from 4.5.3 to 5.3.0, please refer HOMEPAGE and
<https://wordpress.org/>.
Files: