The WordPress team has been hard at work fixing 69 issues, including 8 security issues and 61 bugs. Most sites should be updated automatically, but if yours hasn't been yet, it's recommended that you log in to your website and update immediately.
8 Security Patches
- Remote Code Execution in PHPMailer has been patched.
- The REST API has been patched to deal with exposed user data.
- Cross-site scripting via the plugin header and the update-core.php file, first reported by Dominik Schilling of the WordPress Security Team.
- Cross-site scripting via theme name fallback.
- Cross-site request forgery bypass while uploading a Flash file.
- Post via email checks mail.example.com if default settings aren’t changed. Reported by John Blackbourn of the WordPress Security Team.
- A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing. Reported by Ronnie Skansing.
- Weak cryptographic security for multisite activation key.
Here is a complete list of the files that have been updated:
- wp-includes/class-wp-editor.php
- wp-includes/class-wp-theme.php
- wp-includes/class-wp-image-editor-imagick.php
- wp-includes/class-phpmailer.php
- wp-includes/version.php
- wp-includes/customize/class-wp-customize-selective-refresh.php
- wp-includes/customize/class-wp-customize-custom-css-setting.php
- wp-includes/script-loader.php
- wp-includes/feed-rss2.php
- wp-includes/post-template.php
- wp-includes/theme.php
- wp-includes/functions.php
- wp-includes/media.php
- wp-includes/class-wp-customize-manager.php
- wp-includes/js/customize-selective-refresh.min.js
- wp-includes/js/customize-preview.js
- wp-includes/js/wplink.js
- wp-includes/js/customize-preview-nav-menus.js
- wp-includes/js/wp-api.min.js
- wp-includes/js/customize-selective-refresh.js
- wp-includes/js/wp-api.js
- wp-includes/js/customize-preview.min.js
- wp-includes/js/wplink.min.js
- wp-includes/js/customize-preview-nav-menus.min.js
- wp-includes/default-filters.php
- wp-includes/feed.php
- wp-includes/class-wp-customize-nav-menus.php
- wp-includes/ms-functions.php
- wp-includes/comment.php
- wp-includes/class-wp-customize-widgets.php
- wp-includes/taxonomy.php
- wp-includes/post.php
- wp-includes/rest-api/class-wp-rest-request.php
- wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
- wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
- wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
- wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
- wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
- wp-includes/load.php
- wp-includes/class-smtp.php
- wp-includes/css/customize-preview.min.css
- wp-includes/css/customize-preview-rtl.css
- wp-includes/css/customize-preview-rtl.min.css
- wp-includes/css/customize-preview.css
- wp-mail.php
- wp-content/themes/twentyseventeen/README.txt
- wp-content/themes/twentyseventeen/style.css
- wp-content/themes/twentyseventeen/functions.php
- wp-content/themes/twentyseventeen/assets/js/customize-controls.js
- license.txt
- wp-admin/css/edit-rtl.css
- wp-admin/css/customize-nav-menus-rtl.css
- wp-admin/css/edit-rtl.min.css
- wp-admin/css/customize-nav-menus-rtl.min.css
- wp-admin/css/edit.css
- wp-admin/css/customize-nav-menus.css
- wp-admin/css/edit.min.css
- wp-admin/css/customize-nav-menus.min.css
- wp-admin/widgets.php
- wp-admin/update-core.php
- wp-admin/about.php
- wp-admin/includes/image.php
- wp-admin/includes/post.php
- wp-admin/includes/class-wp-screen.php
- wp-admin/edit-tags.php
- wp-admin/js/customize-controls.min.js
- wp-admin/js/updates.js
- wp-admin/js/customize-nav-menus.min.js
- wp-admin/js/customize-controls.js
- wp-admin/js/theme.min.js
- wp-admin/js/updates.min.js
- wp-admin/js/customize-nav-menus.js
- wp-admin/js/theme.js
If you want to view further information about the changes, take a look at the links below.
- https://codex.wordpress.org/Version_4.7.1
- https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- https://core.trac.wordpress.org/query?milestone=4.7.1
One of the great things about WordPress is that it’s an actively maintained piece of software with a very talented team of developers.
Spread the word about this update.