WordPress 4.9.1 Security and Maintenance Release

WordPress released it’s most recent Security & Maintenance update yesterday and it is recommended to update as soon as possible.

The following security fixes were released in this update:

  1. Use a properly generated hash for the newbloguser key instead of a determinate substring.
  2. Add escaping to the language attributes used on html elements.
  3. Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
  4. Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

11 other bugs were fixed, particularly of note were:

  • Issues relating to the caching of theme template files.
  • A MediaElement JavaScript error preventing users of certain languages from being able to upload media files.
  • The inability to edit theme and plugin files on Windows based servers.

All Zullo Media Support & Maintenance Plan subscribers have been updated successfully.

If you’re having issues with your site after updating, and do not currently subscribe to our Support & Maintenance plans, please contact us here for help.


Founder & Lead Digital Strategist at Zullo Media.

No Comments

Sorry, the comment form is closed at this time.