--- - branch: MAIN date: Mon May 11 05:16:31 UTC 2015 files: - new: '1.47' old: '1.46' path: pkgsrc/www/wordpress/Makefile pathrev: pkgsrc/www/wordpress/Makefile@1.47 type: modified - new: '1.25' old: '1.24' path: pkgsrc/www/wordpress/PLIST pathrev: pkgsrc/www/wordpress/PLIST@1.25 type: modified - new: '1.39' old: '1.38' path: pkgsrc/www/wordpress/distinfo pathrev: pkgsrc/www/wordpress/distinfo@1.39 type: modified id: 20150511T051631Z.686f37767ec4f5740232f18790ef6c76618d3db0 log: | Security and maintenance update to version 4.2.2. WordPress 4.2.2 fixes a cross-site scripting vulnerability contained in an HTML file shipped with recent Genericons packages included in the Twenty Fifteen theme as well as a number of popular plugins by removing the file. Version 4.2.2 also improves on a fix for a critical cross-site scripting vulnerability introduced in 4.2.1. The release also includes hardening for a potential cross-site scripting vulnerability when using the Visual editor. In addition to the security fixes, WordPress 4.2.2 contains fixes for 13 bugs from 4.2.1, including: o Fixes an emoji loading error in IE9 and IE10 o Fixes a keyboard shortcut for saving from the Visual editor on Mac o Fixes oEmbed for YouTube URLs to always expect https o Fixes how WordPress checks for encoding when sending strings to MySQL o Fixes a bug with allowing queries to reference tables in the dbname.tablename format o Lowers memory usage for a regex checking for UTF-8 encoding o Fixes an issue with trying to change the wrong index in the wp_signups table on utf8mb4 conversion o Improves performance of loop detection in _get_term_children() o Fixes a bug where attachment URLs were incorrectly being forced to use https in some contexts o Fixes a bug where creating a temporary file could end up in an endless loop. module: pkgsrc subject: 'CVS commit: pkgsrc/www/wordpress' unixtime: '1431321391' user: morr