On 21 June 2016, WordPress 4.2.9 was released to the public.
Installation/Update Information
To download WordPress 4.2.9, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Summary
From the WordPress 4.5.3 release notes, WordPress versions 4.5.2 and earlier are affected by several security issues:
- Redirect bypass in the customizer, reported by Yassine Aboukir.
- Two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati.
- Revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen.
- oEmbed denial of service, reported by Jennifer Dodd from Automattic.
- Unauthorized category removal from a post, reported by David Herrera from Alley Interactive.
- Password change via stolen cookie, reported by Michael Adams from the WordPress security team.
- Some less secure sanitize_file_name edge cases, reported by Peter Westwood of the WordPress security team.
List of Files Revised
- wp-admin/includes/ajax-actions.php
- wp-admin/includes/class-wp-media-list-table.php
- wp-admin/includes/post.php
- wp-admin/about.php
- wp-admin/customize.php
- wp-admin/revision.php
- wp-includes/formatting.php
- wp-includes/pluggable.php
- wp-includes/post-template.php
- wp-includes/version.php
- readme.html