Η Automattic just released one new update for its web software. WordPress 4.2.4 is now available for download.
Η έκδοση, WοrdPress 4.2.4 διορθώνει τρεις ευπάθειες cross-site scripting και μια attack potential SQL injection that could be exploited to compromise any site (CVE-2015-2213).
Also includes a fix for potential timing side-attackschannel which allowed an attacker to lock a post from further editing.
The new WordPress 4.2.4 version also resolves the 4 bugs of the release 4.2.3.
- FIX – WPDB: When checking the encoding of strings against the , make sure we're only relying on the return value of strings that were sent to the database. #32279
- FIX – Don't blindly trust the output of glob () to be an array. #33093
- FIX - Shortcodes: Handle edge cases. #33116
- FIX - Shortcodes: Protect newlines inside of CDATA. #33106
For more see it note.
If you are a site administrator using the platform, upgrade immediately.