On 2 February, 2016, WordPress 4.4.2 was released to the public.
Installation/Update Information
To download WordPress 4.4.2, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Summary
From the announcement post, WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.
In addition to the security issues above, WordPress 4.4.2 fixes 17 bugs from 4.4 and 4.4.1
- #35356 wp_list_comments ignores $comments parameter
- #35478 4.4 Regression on Querying for Comments by Multiple Post Fields
- #35192 Comments_clauses filter
- #35251 ‘networks’ should be global cache group
- #35316 Images with latin extended characters in exif (slovak/czech) are missing thumbnails
- #35327 Using libsodium for random bytes breaks plugin update in WP 4.4
- #35344 Strange pagination issue on front page after 4.4.1 update
- #35355 Customizer should not try to return to the login screen
- #35361 Error in SQL syntax search page
- #35376 Default URL for emoji images should be always https
- #35378 Incorrect comment ordering when comment threading is turned off
- #35401 Taxonomies Quick Edit: prevent page reload when submitting
- #35402 per_page parameter no longer works in wp_list_comments
- #35412 ModSecurity2 blocks Potential Obfuscated Javascript in outbound anomaly
- #35419 Incorrect comment pagination when comment threading is turned off
- #35462 update_term_cache and deleting object_id
- #35447 Button to delete inactive widgets is displayed on inactive sidebars
List of Files Revised
wp-admin/includes/image.php wp-admin/js/inline-edit-tax.min.js wp-admin/js/inline-edit-tax.js wp-admin/widgets.php wp-admin/about.php wp-includes/ms-blogs.php wp-includes/class-wp-customize-manager.php wp-includes/js/wp-emoji-loader.js wp-includes/js/wp-emoji-loader.min.js wp-includes/random_compat/random.php wp-includes/formatting.php wp-includes/taxonomy.php wp-includes/comment-template.php wp-includes/load.php wp-includes/query.php wp-includes/kses.php wp-includes/http.php wp-includes/version.php wp-includes/class-wp-comment-query.php wp-includes/pluggable.php readme.html