On October 17, 2022, WordPress 3.8.40 was released to the public.
To get this version, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release.
- Posts, Post types: Apply KSES to post-by-email content,
- General: Validate host on “Are you sure?” screen,
- Posts, Post types: Remove emails from post-by-email logs,
- Pings/trackbacks: Apply KSES to all trackbacks,
- Mail: Reset PHPMailer properties between use,
- Widgets: Escape RSS error messages for display.
The release would not have been possible without the contributions of the following people. Their asynchronous coordination to deliver several fixes into a stable release is a testament to the power and capability of the WordPress community.
@audrasjb, @costdev, @cu121, @dd32, @davidbaumwald, @ehtis, @johnbillion, @johnjamesjacoby, @martinkrcho, @matveb, @oztaser, @paulkevan, @peterwilsoncc,@ravipatel, @SergeyBiryukov, @talldanwp, @timothyblynjacobs, @tykoted, @voldemortensen, @vortfu, and @xknown.
wp-includes/comment.php wp-includes/default-widgets.php wp-includes/functions.php wp-includes/pluggable.php wp-mail.php wp-trackback.php