Version 4.4.2

On 2 February, 2016, WordPress 4.4.2 was released to the public.

Installation/Update Information

To download WordPress 4.4.2, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the announcement post, WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.

  • #36435 HTTP: 0.1.2.3 is not a valid IP.
  • #36444 Better validation of the URL used in HTTP redirects.

In addition to the security issues above, WordPress 4.4.2 fixes 17 bugs from 4.4 and 4.4.1

  • #35356 wp_list_comments ignores $comments parameter
  • #35478 4.4 Regression on Querying for Comments by Multiple Post Fields
  • #35192 Comments_clauses filter
  • #35251 ‘networks’ should be global cache group
  • #35316 Images with latin extended characters in exif (slovak/czech) are missing thumbnails
  • #35327 Using libsodium for random bytes breaks plugin update in WP 4.4
  • #35344 Strange pagination issue on front page after 4.4.1 update
  • #35355 Customizer should not try to return to the login screen
  • #35361 Error in SQL syntax search page
  • #35376 Default URL for emoji images should be always https
  • #35378 Incorrect comment ordering when comment threading is turned off
  • #35401 Taxonomies Quick Edit: prevent page reload when submitting
  • #35402 per_page parameter no longer works in wp_list_comments
  • #35412 ModSecurity2 blocks Potential Obfuscated Javascript in outbound anomaly
  • #35419 Incorrect comment pagination when comment threading is turned off
  • #35462 update_term_cache and deleting object_id
  • #35447 Button to delete inactive widgets is displayed on inactive sidebars

List of Files Revised

wp-admin/includes/image.php
wp-admin/js/inline-edit-tax.min.js
wp-admin/js/inline-edit-tax.js
wp-admin/widgets.php
wp-admin/about.php
wp-includes/ms-blogs.php
wp-includes/class-wp-customize-manager.php
wp-includes/js/wp-emoji-loader.js
wp-includes/js/wp-emoji-loader.min.js
wp-includes/random_compat/random.php
wp-includes/formatting.php
wp-includes/taxonomy.php
wp-includes/comment-template.php
wp-includes/load.php
wp-includes/query.php
wp-includes/kses.php
wp-includes/http.php
wp-includes/version.php
wp-includes/class-wp-comment-query.php
wp-includes/pluggable.php
readme.html

First published

Last updated