On December 12, 2019, WordPress 4.0.29 was released to the public.
Installation/Update Information
To download WordPress 4.0.29, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Summary
From the WordPress 5.3.1 release post, WordPress versions 5.3 and earlier are affected by the following bugs, which are fixed in version 5.3.1. Updated versions of WordPress 5.2 and older releases since WordPress 3.7 are also available, for users who have not yet updated to 5.3.
- Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
- Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
- Props to the WordPress.org Security Team for hardening
wp_kses_bad_protocol()
to ensure that it is aware of the named colon attribute.
List of Files Revised
wp-includes/kses.php wp-includes/default-filters.php wp-includes/formatting.php