On 29 November, 2017, WordPress 3.9.22 was released to the public.
Installation/Update Information
To download WordPress 3.9.22, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Summary
From the WordPress 4.9.1 release post: WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team’s ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1:
- Use a properly generated hash for the `newbloguser` key instead of a determinate substring.
- Add escaping to the language attributes used on `html` elements.
- Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
- Remove the ability to upload JavaScript files for users who do not have the `unfiltered_html` capability.
List of Files Revised
wp-admin/about.php
wp-admin/user-new.php
wp-includes/feed.php
wp-includes/functions.php
wp-includes/general-template.php
wp-includes/version.php
wp-includes/wp-db.php