WordPress 5.3.1 resolve diversas vulnerabilidades no core do CMS, um total de 46 updates e aprimoramentos.
Existem 4 vulnerabilidades de segurança corrigidas nesta atualização que afetam o WordPress versões 5.3 e anteriores.
- The first one is a privilege escalation vulnerability that allows an unprivileged user could make a post sticky via the REST API.
- The second one is Props to the WordPress.org Security Team for hardening
wp_kses_bad_protocol()
to ensure that it is aware of the named colon attribute. - There are two Cross-site scripts (XSS) vulnerabilities are fixed in this release, one could be stored in well-crafted links and the other one, a stored XSS vulnerability using block editor content.
O WordPress anunciou que o WordPress 5.3.1 é uma versão de manutenção curta. O próximo grande lançamento será a versão 5.4.
Existem várias atualizações de manutenção lançadas, incluindo as seguintes:
- Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
- Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
- Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
- Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make
get_permalink()
more resilient against PHP timezone changes. - Embeds: remove CollegeHumor oEmbed provider as the service doesn’t exist anymore.
- External libraries: update
sodium_compat
. - Site health: allow the remind interval for the admin email verification to be filtered.
- Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
- Users: ensure administration email verification uses the user’s locale instead of the site locale.
Como atualizar o WordPress 5.3.1
WordPress 5.3.1 contains 46 maintenance fixes. Updates are simple Dashboard >> Updates >> Update Now.
É sempre uma boa idéia fazer backup do WordPress antes de prosseguir com a atualização; pois caso houver algum problema, poderá facilmente restaurar o website.
Também pode usar o plugin WP Hardening – um plug-in gratuito de segurança do WordPress para executar uma auditoria de segurança em tempo real no website.