--- - branch: MAIN date: Sun Nov 1 15:06:09 UTC 2020 files: - new: '1.95' old: '1.94' path: pkgsrc/www/wordpress/Makefile pathrev: pkgsrc/www/wordpress/Makefile@1.95 type: modified - new: '1.77' old: '1.76' path: pkgsrc/www/wordpress/distinfo pathrev: pkgsrc/www/wordpress/distinfo@1.77 type: modified id: 20201101T150609Z.b4dd4891eea4023e09c998242d55b741b278be9a log: "Security and maintenance update to version 5.5.3.\n\n5.5.3:\n\nThis maintenance release fixes an issue introduced in WordPress 5.5.2\nwhich makes it impossible to install WordPress on a brand new website\nthat does not have an existing database connection configuration.\nThis release does not affect sites where a database connection is\nalready configured, for example, via one-click installers or\nan existing wp-config.php file.\n\n5.5.2:\n\nSecurity updates:\n- Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.\n- Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.\n- Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.\n- Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.\n- Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.\n- Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.\n- Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.\n- And a special thanks to @zieladam who was integral in many of the releases and patches during this release.\n\nMaintenance updates:\n#51130 Events displayed in venue timezone instead of user窶å\x86±\n#51659 Update Gutenberg Dependencies for WordPress 5.5.2\n#50861 Remove Facebook and Instagram as an oEmbed Source\n#50903 Set the local environment to a development environment type by default\n#50949 Posts show wrong time when user is in a different time zone than the site窶å\x86±\n#51053 Video Embeds set to align left disappear in Gutenberg editor\n#51175 Wrong reply box title\n#51219 Theme editor page showing undefined variable notice\n#51251 Fix PHP notice when opening the edit image popup\n#51263 PHP warning when editing comments in the administration comment edit screen\n#51320 PHP Notice while moving post to trash (post_type has 2 registered taxonomies both with default_term set)\n#51400 Undefined index during automatic plugin/theme updates\n#51595 Unable to make anonymous comments via XML-RPC\n#51645 Undefined index: echo in core files\n" module: pkgsrc subject: 'CVS commit: pkgsrc/www/wordpress' unixtime: '1604243169' user: morr