WordPress 4.4.2 Security and Maintenance Release

·

·

WordPress 4.4.2 is a security fix release and strongly recommended. It fixes two security issues: A possible SSRF (Server Side Request Forgery) for certain local URLs and an open redirection attack. Also 17 bug fixes are included.

Here is an overview of the bug fixes:

  • wp_list_comments ignores $comments parameter
  • 4.4 Regression on Querying for Comments by Multiple Post Fields
  • Comments_clauses filter
  • ’networks› should be global cache group
  • Images with latin extended characters in exif (slovak/czech) are missing thumbnails
  • Using libsodium for random bytes breaks plugin update in WP 4.4
  • Strange pagination issue on front page after 4.4.1 update
  • Customizer should not try to return to the login screen
  • Error in SQL syntax search page
  • Default URL for emoji images should be always https
  • Incorrect comment ordering when comment threading is turned off
  • Taxonomies Quick Edit: prevent page reload when submitting
  • per_page parameter no longer works in wp_list_comments
  • ModSecurity2 blocks Potential Obfuscated Javascript in outbound anomaly
  • Incorrect comment pagination when comment threading is turned off
  • update_term_cache and deleting object_id
  • Button to delete inactive widgets is displayed on inactive sidebars

A more detailed list of changes can you see here.

Don’t forget to keep your WordPress installation up to date and backup before you press the button.