Version 3.8.40

On October 17, 2022, WordPress 3.8.40 was released to the public.

Installation/Update information

To get this version, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

Security updates included in this release

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release.

  • Posts, Post types: Apply KSES to post-by-email content,
  • General: Validate host on “Are you sure?” screen,
  • Posts, Post types: Remove emails from post-by-email logs,
  • Pings/trackbacks: Apply KSES to all trackbacks,
  • Mail: Reset PHPMailer properties between use,
  • Widgets: Escape RSS error messages for display.

Credits

This release was led by Alex Concha (@xknown), Peter Wilson (@peterwilsoncc), Jb Audras (@audrasjb), and Sergey Biryukov (@SergeyBiryukov).

The release would not have been possible without the contributions of the following people. Their asynchronous coordination to deliver several fixes into a stable release is a testament to the power and capability of the WordPress community.

@audrasjb@costdev@cu121@dd32@davidbaumwald@ehtis@johnbillion@johnjamesjacoby@martinkrcho@matveb@oztaser@paulkevan@peterwilsoncc,@ravipatel@SergeyBiryukov@talldanwp@timothyblynjacobs@tykoted@voldemortensen@vortfu, and @xknown.

List of update packages

None

List of files revised

wp-includes/comment.php
wp-includes/default-widgets.php
wp-includes/functions.php
wp-includes/pluggable.php
wp-mail.php
wp-trackback.php

First published

Last updated