{"id":16134,"date":"2017-05-17T07:39:31","date_gmt":"2017-05-16T22:39:31","guid":{"rendered":"https:\/\/jirak.net\/wp\/wordpress-4-7-5-security-and-maintenance-release\/"},"modified":"2018-02-27T00:18:59","modified_gmt":"2018-02-26T15:18:59","slug":"wordpress-4-7-5-security-and-maintenance-release","status":"publish","type":"post","link":"https:\/\/jirak.net\/wp\/wordpress-4-7-5-security-and-maintenance-release\/","title":{"rendered":"WordPress 4.7.5 Security and Maintenance Release"},"content":{"rendered":"<p>WordPress 4.7.5 Security and Maintenance Release<\/p>\n<p>WordPress 4.7.5 is now available. This is a <strong>security release<\/strong> for all previous versions and we strongly encourage you to update your sites immediately.<\/p>\n<p>WordPress versions 4.7.4 and earlier are affected by six security issues:<\/p>\n<ol>\n<li>Insufficient redirect validation in the HTTP class. Reported by\u00a0<a href=\"https:\/\/dk.linkedin.com\/in\/ronni-skansing-36143b65\">Ronni Skansing<\/a>.<\/li>\n<li>Improper handling of post meta data values in the XML-RPC API. Reported by\u00a0<a href=\"https:\/\/hackerone.com\/jazzy2fives\">Sam Thomas<\/a>.<\/li>\n<li>Lack of capability checks for post meta data in the XML-RPC API. Reported by <a href=\"https:\/\/profiles.wordpress.org\/vortfu\">Ben Bidner<\/a>\u00a0of the WordPress Security Team.<\/li>\n<li>A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by <a href=\"https:\/\/twitter.com\/yorickkoster\">Yorick Koster<\/a>.<\/li>\n<li>A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.\u00a0Reported by\u00a0<a href=\"https:\/\/dk.linkedin.com\/in\/ronni-skansing-36143b65\">Ronni Skansing<\/a>.<\/li>\n<li>A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. 
Reported by <a href=\"https:\/\/profiles.wordpress.org\/westonruter\">Weston Ruter<\/a> of the WordPress Security Team.<\/li>\n<\/ol>\n<p>Thank you to the reporters of these issues for practicing\u00a0<a href=\"https:\/\/make.wordpress.org\/core\/handbook\/testing\/reporting-security-vulnerabilities\/\">responsible disclosure<\/a>.<\/p>\n<p>In addition to the security issues above, WordPress 4.7.5 contains 3 maintenance fixes to the\u00a04.7 release series.\u00a0For more information, see the <a href=\"https:\/\/codex.wordpress.org\/Version_4.7.5\">release notes<\/a>\u00a0or consult the <a href=\"https:\/\/core.trac.wordpress.org\/query?status=closed&amp;milestone=4.7.5&amp;group=component&amp;col=id&amp;col=summary&amp;col=component&amp;col=status&amp;col=owner&amp;col=type&amp;col=priority&amp;col=keywords&amp;order=priority\">list of changes<\/a>.<\/p>\n<p><a href=\"https:\/\/wordpress.org\/download\/\">Download WordPress 4.7.5<\/a>\u00a0or venture over to Dashboard \u2192 Updates and simply click \u201cUpdate Now.\u201d Sites that support automatic background updates are already beginning to update to WordPress 4.7.5.<\/p>\n<p>Thanks to everyone who contributed to 4.7.5.<\/p>\n<p>Source: <a href=\"https:\/\/wordpress.org\/news\/2017\/05\/wordpress-4-7-5\/\" target=\"_blank\">WordPress 4.7.5 Security and Maintenance Release<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>WordPress 4.7.5 Security and Maintenance Release WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: Insufficient redirect validation in the HTTP class. Reported by\u00a0Ronni Skansing. Improper handling of post meta data values in the XML-RPC API. Reported by\u00a0Sam Thomas. Lack of capability checks for post meta data in the XML-RPC API. 
Reported by Ben Bidner\u00a0of the WordPress Security Team. A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.\u00a0Reported by\u00a0Ronni Skansing. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team. Thank <a class=\"mh-excerpt-more\" href=\"https:\/\/jirak.net\/wp\/wordpress-4-7-5-security-and-maintenance-release\/\" title=\"WordPress 4.7.5 Security and Maintenance Release\">[ more&#8230; ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[169],"tags":[395],"class_list":["post-16134","post","type-post","status-publish","format-standard","hentry","category-news","tag-wordpress"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/16134","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=16134"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/16134\/revisions"}],"predecessor-version":[{"id":16135,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/16134\/revisions\/16135"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=16134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=16134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak
.net\/wp\/wp-json\/wp\/v2\/tags?post=16134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}