4c0edbc1dc
WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.

WordPress 4.6.1 also fixes 15 bugs from Version 4.6, including:

- Bootstrap/Load
  - #37680 – PHP Warning: ini_get_all() has been disabled for security reasons
- Database
  - #37683 – $collate and $charset can be undefined in wpdb::init_charset()
  - #37689 – Issues with utf8mb4 collation and the 4.6 update
- Editor
  - #37690 – Backspace causes jumping
- Email
  - #37736 – Emails fail on certain server setups
- External Libraries
  - #37700 – Warning: curl_exec() has been disabled for security reasons (Requests library)
  - #37720 – The minified version of the Masonry shim was not updated in #37666 (Masonry library)
- HTTP API
  - #37733 – cURL error 3: malformed for remote requests
  - #37768 – HTTP API no longer accepts integer and float values for the cookies argument
- Post Thumbnails
  - #37697 – Strange behavior with thumbnails on preview in 4.6
- Script Loader
  - #37800 – Close “link rel” dns-prefetch tag
- Taxonomy
  - #37721 – Improve error handling of is_object_in_term in taxonomy.php
- Themes
  - #37755 – Visual Editor: Weird unicode (Vietnamese) characters display on WordPress 4.6
- TinyMCE
  - #37760 – Problem with RTL
- Upgrade/Install
  - #37731 – Infinite loop in _wp_json_sanity_check() during plugin install

||
---|---|---|
.. | ||
files | ||
DESCR | ||
distinfo | ||
Makefile | ||
MESSAGE | ||
options.mk | ||
PLIST |