WordPress 4.2.4 Security and Maintenance Release Now Available

Yet another WordPress Security and Maintenance Release has been released. The second in a short time, and the fourth total, so far.

Samuel Sidler announced WordPress 4.2.4 is now available.

This is a security release for all previous versions. It is highly recommended that you update your website Immediately. If you’re not deactivated the automatic update, your website should already or shortly been updated to WordPress 4.2.4.

This security and maintenance release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a website.

The issues were discovered by Marc-Alexandre Montpas from Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov.

The security release also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer. Prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.

In addition to the security fixes, WordPress 4.2.4 contains fixes for 4 bugs from 4.2.3, including:

  • FIX – WPDB: When checking the encoding of strings against the database, make sure we’re only relying on the return value of strings that were sent to the database. #32279
  • FIX – Don’t blindly trust the output of glob() to be an array. #33093
  • FIX – Shortcodes: Handle do_shortcode(‘<[shortcode]’) edge cases. #33116
  • FIX – Shortcodes: Protect newlines inside of CDATA. #33106

Check out the list of all files revised in Version 4.2.4

Sites that support automatic background updates are already beginning to update to WordPress 4.2.4. Otherwise, you has to head over to your Dashboard → Updates and simply click “Update Now.”

WordPress 4.3

The release of WordPress 4.3 is approaching and the date is set for Tuesday, August 18, and of course we hope the timetable keeps.

For those of you who are interested in finding out what’s new or has been updated in 4.3 check out the Beta 1, Beta 2, Beta 3 and Beta 4 blog posts. Or read our article – What Can We Expect in WordPress 4.3?

I end with this question:

What jazz musician do you think will be honored in WordPress 4.3?

» WordPress 4.2.4 Security and Maintenance Release