author morr <morr@pkgsrc.org> 2020-11-01 15:06:08 +0000
committer morr <morr@pkgsrc.org> 2020-11-01 15:06:08 +0000
commit 904c058b1a712f9617e1e71fb044362c46be89cf
tree 27f32d5ea346e97b3bee5f59108a19a1f9354b00 /www/gnurl
parent 528011f88cda8777e3a120816ddd7fbc9b251a12

Security and maintenance update to version 5.5.3.

5.5.3:
This maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have an existing database connection configuration. This release does not affect sites where a database connection is already configured, for example, via one-click installers or an existing wp-config.php file.

5.5.2:
Security updates:
- Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
- Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
- Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
- Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.
- Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
- Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
- Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.
- And a special thanks to @zieladam who was integral in many of the releases and patches during this release.

Maintenance updates:
#51130 Events displayed in venue timezone instead of user’s
#51659 Update Gutenberg Dependencies for WordPress 5.5.2
#50861 Remove Facebook and Instagram as an oEmbed Source
#50903 Set the local environment to a development environment type by default
#50949 Posts show wrong time when user is in a different time zone than the site’s
#51053 Video Embeds set to align left disappear in Gutenberg editor
#51175 Wrong reply box title
#51219 Theme editor page showing undefined variable notice
#51251 Fix PHP notice when opening the edit image popup
#51263 PHP warning when editing comments in the administration comment edit screen
#51320 PHP Notice while moving post to trash (post_type has 2 registered taxonomies both with default_term set)
#51400 Undefined index during automatic plugin/theme updates
#51595 Unable to make anonymous comments via XML-RPC
#51645 Undefined index: echo in core files

Diffstat (limited to 'www/gnurl')
0 files changed, 0 insertions, 0 deletions