Now
MAIN commitmail json YAML
pkgsrc/www/wordpress/Makefile@1.60
/
diff
pkgsrc/www/wordpress/PLIST@1.31 / diff
pkgsrc/www/wordpress/distinfo@1.50 / diff
pkgsrc/www/wordpress/PLIST@1.31 / diff
pkgsrc/www/wordpress/distinfo@1.50 / diff
Security update to version 4.6.1.
WordPress versions 4.6 and earlier are affected by two security issues:
a cross-site scripting vulnerability via image filename, reported by SumOfPwn
researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade
package uploader, reported by Dominik Schilling from the WordPress security
team.
WordPress 4.6.1 also fixes 15 bugs from Version 4.6, including:
Bootstrap/Load
#37680 – PHP Warning: ini_get_all() has been disabled for security reasons
- Database
#37683 – $collate and $charset can be undefined in wpdb::init_charset()
#37689 – Issues with utf8mb4 collation and the 4.6 update
- Editor
#37690 – Backspace causes jumping
- Email
#37736 – Emails fail on certain server setups
- External Libraries
#37700 – Warning: curl_exec() has been disabled for security reasons (Requests library)
#37720 – The minified version of the Masonry shim was not updated in #37666 (Masonry library)
- HTTP API
#37733 – cURL error 3: malformed for remote requests
#37768 – HTTP API no longer accepts integer and float values for the cookies argument
- Post Thumbnails
#37697 – Strange behavior with thumbnails on preview in 4.6
- Script Loader
#37800 – Close “link rel” dns-prefetch tag
- Taxonomy
#37721 – Improve error handling of is_object_in_term in taxonomy.php
- Themes
#37755 – Visual Editor: Weird unicode (Vietnamese) characters display on WordPress 4.6
- TinyMCE
#37760 – Problem with RTL
- Upgrade/Install
#37731 – Infinite loop in _wp_json_sanity_check() during plugin install
WordPress versions 4.6 and earlier are affected by two security issues:
a cross-site scripting vulnerability via image filename, reported by SumOfPwn
researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade
package uploader, reported by Dominik Schilling from the WordPress security
team.
WordPress 4.6.1 also fixes 15 bugs from Version 4.6, including:
Bootstrap/Load
#37680 – PHP Warning: ini_get_all() has been disabled for security reasons
- Database
#37683 – $collate and $charset can be undefined in wpdb::init_charset()
#37689 – Issues with utf8mb4 collation and the 4.6 update
- Editor
#37690 – Backspace causes jumping
#37736 – Emails fail on certain server setups
- External Libraries
#37700 – Warning: curl_exec() has been disabled for security reasons (Requests library)
#37720 – The minified version of the Masonry shim was not updated in #37666 (Masonry library)
- HTTP API
#37733 – cURL error 3: malformed for remote requests
#37768 – HTTP API no longer accepts integer and float values for the cookies argument
- Post Thumbnails
#37697 – Strange behavior with thumbnails on preview in 4.6
- Script Loader
#37800 – Close “link rel” dns-prefetch tag
- Taxonomy
#37721 – Improve error handling of is_object_in_term in taxonomy.php
- Themes
#37755 – Visual Editor: Weird unicode (Vietnamese) characters display on WordPress 4.6
- TinyMCE
#37760 – Problem with RTL
- Upgrade/Install
#37731 – Infinite loop in _wp_json_sanity_check() during plugin install