WordPress 6.2.1 was launched in the present day. These with automated background updates enabled ought to see a discover of their e mail, as updates rolled out earlier in the present day.
This can be a upkeep and safety launch that features necessary fixes for 5 safety vulnerabilities outlined by core contributor and launch co-lead Jb Audras:
- Block themes parsing shortcodes in consumer generated knowledge
- A CSRF concern updating attachment thumbnails
- A flaw permitting XSS by way of open embed auto discovery
- Bypassing of KSES sanitization in block attributes for low privileged customers
- A path traversal concern by way of translation information
The patches had been backported to WordPress 4.1. Now that these vulnerabilities are public, it’s advisable that customers replace instantly.
WordPress 6.2.1 additionally contains 20 core bug fixes and 10 fixes for the block editor, all detailed with ticket numbers within the release candidate post.