WordPress 5.2.3 Security and Maintenance Release

WordPress 5.2.3 is now available.

This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.2, there are also updated versions of 5.1 and earlier that fix the bugs for you.

WordPress.org already started automatic background updates that do not require you to do anything, but it may take some time for them to get to your website. If it does not update automatically, either do it yourself (and don’t forget to make a full backup first!) or contact Dusk Owl for help.

WordPress 5.1.1 Security Release

WordPress 5.1.1 is now available. This is a security and maintenance release for WordPress 5.1 and earlier.  It introduces 14 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.

While WordPress.org already started automatic background updates that do not require you to do anything, it may take some time for them to get to your website. If it does not update automatically today, either do it yourself (and don’t forget to make a full backup first!) or contact Dusk Owl for help.

WordPress 5.0.1 Security Release

WordPress 5.0.1 is now available. This is a security release for all versions since WordPress 3.7.  It is strongly recommended that you to update your websites immediately.

WordPress versions 5.0 and earlier are affected by several bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0.

While WordPress.org already started automatic background updates that do not require you to do anything, it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.9.8 Maintenance Release

WordPress 4.9.8 is now available. This is a maintenance release with 18 Privacy fixes focused on ensuring consistency and flexibility in the new personal data tools that were added in WordPress 4.9.6, including:

  • The type of request being confirmed is now included in the subject line for all privacy confirmation emails.
  • Improved consistency with site name being used for privacy emails in multisite.
  • Pagination for Privacy request admin screens can now be adjusted.
  • Increased the test coverage for several core privacy functions.

This post has more information about all of the issues fixed in 4.9.8 if you’d like to learn more.

While WordPress.org already started automatic background updates that do not require you to do anything, it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.9.7 Security and Maintenance Release

WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7.You have to update your websites immediately.

WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.9.6 Privacy and Maintenance Release

WordPress 4.9.6 is now available. This is a privacy and maintenance release. You probably should update your website to take advantage of new privacy features.

The European Union’s General Data Protection Regulation (GDPR) takes effect on May 25. The GDPR requires companies and site owners to be transparent about how they collect, use, and share personal data. It also gives individuals more access and choice when it comes to how their own personal data is collected, used, and shared.

It’s important to understand that while the GDPR is a European regulation, its requirements apply to all sites and online businesses that collect, store, and process personal data about EU residents no matter where the business is located.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.9.5 Security and Maintenance Release

WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. You need to update your site(s) immediately.

WordPress versions 4.9.4 and earlier are affected by three security issues.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.9.2 Security and Maintenance Release

WordPress 4.9.2 is now available. This is a maintenance and security release for all WordPress versions since 3.7, and you need to update your websites immediately.

An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.

MediaElement has released a new version that contains a fix for the bug, and a WordPress plugin containing the fixed files is available in the plugin repository.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.9.1 Security Release

WordPress 4.9.1 is now available. This is a security release for all previous versions since WordPress 3.7, and it is strongly recommended that you update your websites immediately.

WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.8.3 Security Release

WordPress 4.8.3 is now available. This is a security release for all previous versions, and you must update your websites immediately.

WordPress versions 4.8.2 and earlier are affected by an issue where unexpected and unsafe queries can lead to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but special hardening has been added to prevent plugins and themes from accidentally causing a vulnerability.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.