
WordPress 4.9.1 Security and Maintenance Release
WordPress released it’s most recent Security & Maintenance update yesterday and it is recommended to update as soon as possible.
The following security fixes were released in this update:
- Use a properly generated hash for the newbloguser key instead of a determinate substring.
- Add escaping to the language attributes used on html elements.
- Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
- Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.
11 other bugs were fixed, particularly of note were:
- Issues relating to the caching of theme template files.
- A MediaElement JavaScript error preventing users of certain languages from being able to upload media files.
- The inability to edit theme and plugin files on Windows based servers.
All Zullo Media Support & Maintenance Plan subscribers have been updated successfully.
If you’re having issues with your site after updating, and do not currently subscribe to our Support & Maintenance plans, please contact us here for help.