So after a little bit of a slow start we are rolling out the new WordPress 5.4 release. Please note as usual we never update immediately as the first major release will always have some bugs so we will wait for the Wordpress 5.4.1 release for full deployment. We also have a number of plugin updates that now all work with PHP 7.3.x and upwards which is a great advantage to the site overall.
- Six security issues affect WordPress versions 5.4 and earlier; version 5.4.1 fixes them
- Independently reported an issue where password reset tokens were not properly invalidated
- An issue where certain private posts can be viewed unauthenticated
- An XSS issue in the Customizer
- WordPress Security Team who discovered an XSS issue in the search block
- WordPress Security Team who discovered an XSS issue in wp-object-cache
- Reported an XSS issue in file uploads.
- Additionally, an authenticated XSS issue in the block editor was discovered
WordPress Anti-spam V4.1.5
- Based on user feedback, we have dropped the in-admin notice explaining the availability of the “privacy notice” option in the AKismet settings screen.
- Security patch
Header scripts Injection V.3.1.4
- Performance optimization
- Removed obsolete code
- Improved AMP support
WordPress caching V5.5.4
- Fixed issue with CSS Combination causing problems with media specific stylesheets
- Added defer attribute for the Combined JS files when JS Defer is enabled
- Better support with sites using long domains (.blog, .marketing, etc.)
- Fixed Memcached XSS security issues
- Fixed CSS & JS Combination for sites with custom upload folders
WordPress User Role Editor V4.54
- New: Quick filter hides capabilities, which do not contain search string
- Update: CSS enhancement: When site has many custom post types capabilities list section maximal height is limited by real height of the left side (capabilities groups) section, not by 720px as earlier.
Friday, May 1, 2020