On May 6, 2015, WordPress 3.7.8 was released to the public, along with WordPress 4.2.2. This is both a security update for all previous WordPress versions, and a maintenance release for versions 3.7 and newer.
Installation/Update Information
To download WordPress 3.7.8, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Summary
From the announcement post, WordPress 3.7.8 fixes a cross-site scripting vulnerability contained in an HTML file shipped with recent Genericons packages including in the Twenty Fifteen theme as well as a number of popular plugins, and improves on a fix for a critical cross-site scripting vulnerability introduced in 3.7.7.
The release also includes hardening for a potential cross-site scripting vulnerability when using the Visual editor.
WordPress 3.7.8 also contains fixes for 3 bugs from 3.7.7, including:
- Lowers memory usage for a regex checking for UTF-8 encoding
- Fixes how WordPress checks for encoding when sending strings to MySQL
List of Files Revised
readme.html
wp-includes/wp-db.php
wp-includes/version.php
wp-includes/compat.php
wp-admin/includes/update-core.php
wp-admin/includes/upgrade.php
wp-admin/about.php