On August 4, 2015, WordPress version 4.2.4 was released. The Security and Maintenance Update contains some minor and major security leaks , detected by various users and developers. Probably most important was the sql injection leak when cross-site scripting is used. In addition 4 Bugs from version 4.2.3 were fixed aswell
- FIX – WPDB: When checking the encoding of strings against the database, make sure we’re only relying on the return value of strings that were sent to the database.
- FIX – Don’t blindly trust the output of glob() to be an array.
- FIX – Shortcodes: Handle do_shortcode('<[shortcode]') edge cases.
- FIX – Shortcodes: Protect newlines inside of CDATA.
Better be sure to keep your WordPress installation up to date and backup before you press the button.
Soon WordPress 4.3 will come out, promising better mobile support in editor, front- and backend. Maybe then updates can be done with a smartphone.
Schreibe einen Kommentar