Saturday, May 21st, 2022

News – WordPress 5.8.1 Security & Maintenance Release – WordPress.org

WordPress 5.8.1 is now available!

This security and maintenance release contains 60 bug fixes in addition to 3 security improvements. because it is a security releaseIt is recommended that you update your sites immediately. All versions since WordPress 5.4 have also been updated.

WordPress 5.8.1 is a short-cycle security and maintenance release. The next major release will be version 5.9.

You can download WordPress 5.8.1 by downloading it from WordPress.org, or go to your Dashboard → Updates and click Update now.

If you have sites that support automatic background updates, they have already started the update process.

security update

3 Security issues affect WordPress versions between 5.4 and 5.8. If you haven’t updated to 5.8 yet, all WordPress versions since 5.4 have also been updated to fix the following security issues:

  • props @mdawaffe, member of the WordPress security team, for his work fixing a data exposure vulnerability within the REST API.
  • Props to Securitum’s Michael Bentkowski for reporting the XSS vulnerability in the block editor.
  • The Lodash library has been updated in each branch to version 4.17.21 to include upstream security improvements.

In addition to these issues, the security team would like to thank the following people for reporting vulnerabilities during the WordPress 5.8 beta testing period, allowing them to be fixed prior to release:

  • Props to Ivan Ricafort for reporting an XSS vulnerability in the block editor discovered during the beta period of the 5.8 release.
  • Props to Steve Henty for reporting a privilege escalation issue to the block editor.

Thanks to all the journalists for revealing the vulnerabilities privately. This gave the WordPress security team time to fix vulnerabilities before WordPress sites were attacked.

For more information, browse through the full list of changes on Track, or see the version 5.8.1 HelpHub documentation page.

Thanks and props!

The 5.8.1 release was led by Jonathan Desrosiers and Evan Mullins.

In addition to the security researchers and release squad members mentioned above, thanks to everyone who helped build WordPress 5.8.1:

2linctools, Adam Zielinski, Alain Schleser, Alex Lende, Alexstein, Algala, Andre, Andrei Dragnescu, Andrew Oz, Ankit Panchal, Anthony Burchell, Anton Vlasenko, Ari Stathopoulos, Bruno Riberic, Carolina Nymark, Daisy Olsen, Daniel Richards, Daria, David Anderson, David Bilowc, David Herrera, Dominic Schilling, Ella Van Derpe, Enchiridian, Evan Mullins, Gary Jones, George Mamadashvili, Greg Ziolkowski, Hector Prieto, Ianmajones, JB Audras, Jeff Bowen, Joe Dolson, Joanne A., John Blackborne, Jonathan Desrosiers, Juanma Garrido, Juliette Reinders Folmer, Kai Hao, Kapil Paul, Kerry Liu, Kevin Fodnes, Marcus Kazmierzak, Mark-K, Matt, Michael Adams (MDWFE), Mike Schroder, Mach 11, Mukesh Panchal, Nick Tsekoras, Pal Joachim Romdahl, Pascal Birchler, Paul Byrne, Paul Biron, Peter Wilson, Petter Walbow Johnsgaard, Radixweb, Rahul Mehta, Raymonopoly, Ravipatel, Riyadh Benguela, Robert Anderson, Rodrigo Arias, Sanket Chodavadia, Sergei Birukov, Stephen Bernhardt, Stephen Edgar, Steve Henty , T Erling, Timothy Jacobs, Tumatsuur, TobiasBG, Tonya Mork, Toro_unit (Hiroshi Urabe), Vlad T, WB1234, and WFMatter.

Source link