WordPress (Developer) - Package Updates
Pinned
WordPress (Developer)
-
[2.13.0]
- Update default WordPress to 5.8.1
- Make sendmail optional
- Release announcement
- Props @mdawaffe, member of the WordPress Security Team for their work fixing a data exposure vulnerability within the REST API.
- Props to Bentkowski of Securitum for reporting a XSS vulnerability in the block editor.
- The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes.
-
D d19dotca referenced this topic on
-
D d19dotca referenced this topic on
-
[2.16.0]
- Update WordPress to 6.0.1
- Release announcement
- Email Display Name support . Please note that you have to set any custom mail from display name in the Email section.
-
[2.16.3]
- Update WordPress to 6.0.3
- Release announcement
- Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
- Open redirect in
wp_nonce_ays– devrayn - Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
- Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
-
[2.17.0]
- Update WordPress to 6.1
- Release announcement
- Twenty Twenty-Three: A fresh default theme with 10 distinct style variations
- New templates for an improved creator experience
- Design tools for more consistency and control
- Manage menus with ease
- Cleaner layouts and document settings visualization
- One-click lock setting for all inner blocks
- Improved block placeholders
- Compose richer lists and quotes with inner blocks
- More Responsive text with fluid typography
- Add starter patterns to any post type
- A streamlined style system
