WordPress (Developer) - Package Updates
-
[2.16.3]
- Update WordPress to 6.0.3
- Release announcement
- Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
- Open redirect in wp_nonce_ays – devrayn
- Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
- Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
-
[2.17.0]
- Update WordPress to 6.1
- Release announcement
- Twenty Twenty-Three: A fresh default theme with 10 distinct style variations
- New templates for an improved creator experience
- Design tools for more consistency and control
- Manage menus with ease
- Cleaner layouts and document settings visualization
- One-click lock setting for all inner blocks
- Improved block placeholders
- Compose richer lists and quotes with inner blocks
- More responsive text with fluid typography
- Add starter patterns to any post type
- A streamlined style system
-
[3.1.0]
- Update WordPress to 6.2
- Release announcement
- Meet the reimagined Site Editor
- Manage your menu in more ways with the Navigation block
- Discover a smoother experience for the Block Inserter
- Find the controls you want when you need them
- Build faster with headers and footers for block themes
- Explore Openverse media right from the Editor
- Focus on writing with Distraction Free mode
- Experience the Site Editor, now out of beta
- Meet the new Style Book
- Copy and paste styles
- Custom CSS
- Sticky positioning
- Importing widgets
- Local fonts in themes
-
[3.1.1]
- Update WordPress to 6.2.1
- Update Redis and SMTP plugin
- Announcement
- Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
- A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
- A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
- Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
- A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.
-
[3.2.0]
- Update WordPress to 6.3
- Announcement
- Do everything in the Site Editor
- Preview Block themes
- Create and sync patterns
- Work faster with the Command Palette
- Sharpen your designs with new tools
- Track design changes with Style revisions
- Annotate with the Footnotes block
-
[3.3.0]
- Update WordPress to 6.4
- Announcement
- Meet Twenty Twenty-Four
- The Command Palette just got better
- Categorize and filter patterns
- Get creative with more design tools
- Make your images stand out
- Rename Group blocks
- Preview images in List View