WordPress Managed - Package updates
You can use this thread to track updates to the managed WordPress package.
Please open issues in a separate topic instead of replying here.
Pushed a new 'Managed WP' package version 2.10.0 now:
- WordPress has been updated to version 5.4.1
- Now uses PHP 7.3
Pushed a new 'Unmanaged WP' package version 2.2.0 that installed WP 5.4.1 by default.
Both managed and unmanaged WP got updates to install the missing
- Update WordPress to 5.4.2
- Release post
- Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
- Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
- Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
- Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.