ebbfe6b81c
Changes: - Three cross-site scripting issues that a contributor or author could use to compromise a site. - A cross-site request forgery that could be used to trick a user into changing their password. - An issue that could lead to a denial of service when passwords are checked. - Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. - An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding). - WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. More details on http://codex.wordpress.org/Version_4.0.1. |
||
|---|---|---|
| .. | ||
| files | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| MESSAGE | ||
| options.mk | ||
| PLIST | ||