WordPress更新版本Version 6.5.5，修补了安全漏洞、修正了 3 个问题

WordPress更新了6.5.5版本，更新内容如下：

6.5.5 版本修补了安全漏洞、修正了 3 个问题。

On June 24, 2024, WordPress 6.5.5 was released to the public.

Summary

Security updates

This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

• A cross-site scripting (XSS) vulnerability affecting the HTML API reported by Dennis Snell of the WordPress Core Team and Alex Concha and Grzegorz (Greg) Ziółkowski of the WordPress security team.
• A cross-site scripting (XSS) vulnerability affecting the Template Part block reported independently by Rafie Muhammad of Patchstack and during a third party security audit.
• A path traversal issue affecting sites hosted on Windows reported independently by Rafie M & Edouard L of Patchstack, David Fifield, x89, apple502j, and mishre.

Change log

List of files revised

/wp-admin/about.php
/wp-admin/includes/plugin-install.php
/wp-includes/version.php/wp-includes/blocks.php
/wp-includes/formatting.php
/wp-includes/functions.php
/wp-includes/fonts.php
/wp-includes/rest-api/endpoints/class-wp-rest-font-faces-controller.php
/wp-includes/html-api/class-wp-html-tag-processor.php

List of packages revised

@wordpress/block-directory
@wordpress/block-library
@wordpress/customize-widgets
@wordpress/edit-post
@wordpress/edit-site
@wordpress/edit-widgets