WordPress更新了6.5.5版本,更新内容如下:
6.5.5 版本修补了安全漏洞、修正了 3 个问题。
On June 24, 2024, WordPress 6.5.5 was released to the public.
Summary
Security updates
This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
- A cross-site scripting (XSS) vulnerability affecting the HTML API reported by Dennis Snell of the WordPress Core Team and Alex Concha and Grzegorz (Greg) Ziółkowski of the WordPress security team.
- A cross-site scripting (XSS) vulnerability affecting the Template Part block reported independently by Rafie Muhammad of Patchstack and during a third party security audit.
- A path traversal issue affecting sites hosted on Windows reported independently by Rafie M & Edouard L of Patchstack, David Fifield, x89, apple502j, and mishre.
Change log
List of files revised
/wp-admin/about.php
/wp-admin/includes/plugin-install.php
/wp-includes/version.php/wp-includes/blocks.php
/wp-includes/formatting.php
/wp-includes/functions.php
/wp-includes/fonts.php
/wp-includes/rest-api/endpoints/class-wp-rest-font-faces-controller.php
/wp-includes/html-api/class-wp-html-tag-processor.phpList of packages revised
@wordpress/block-directory
@wordpress/block-library
@wordpress/customize-widgets
@wordpress/edit-post
@wordpress/edit-site
@wordpress/edit-widgets👋 感谢您的观看!
© 版权声明
THE END
