WordPress 4.9.7: Security and Maintenance Release
WordPress 4.9.7 was released on the 5th of July to fix a pair of security vulnerabilities issues found in versions WordPress 4.9.6 and below. This update is for all WordPress users utilising version 3.7 and above. We recommend all WordPress users update as soon as possible.
WordPress announced that the update is due to previous versions facing a “media issue” that had the ability to allow users with certain capabilities to delete files outside the uploads directory. Both security vulnerabilities were arbitary file detection issues.
Seventeen other bugs were fixed including:
- The Widgets admin screen allows basic HTML tags in the sidevar descriptions
- The default provacy policy content no longer causes a fatal error when flushing rewrite rules outside of the admin context
- Post password cookies are cleared when logging out
- The community events dashboard will now show the nearest WordCamp if one is coming up.
You can find out more about WordPress 4.9.7 here.
A lot of WordPress users will know that this update was originanally planned to introduce the new Gutenberg interface feature ready for the big 5.0 update. Please note that WordPress 4.9.8 containing the Gutenberg preview is now expected to be released on or around July 31st.
Existing CuroHosting Customers
As with any WordPress update, minor or major, CuroHosting automatically updates clients’ sites. This allows for complete peace of mind for clients and secure WordPress sites.
Our WordPress experts are on hand to offer advice on updating WordPress to the latest version so feel free to contact them.
If you would like to trial our service, which includes automatic updates of WordPress core, themes and plugins, you can try us free for 14 days.