Version 4.8.16

On April 14, 2021, WordPress 4.8.16 was released to the public.

Installation/Update Information

To get this version, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

Security updates

Two security issues affect WordPress versions between 4.7 and 5.7. If you haven’t yet updated to 5.7, all WordPress versions since 4.7 have also been updated to fix the following security issues:

  • thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8
  • thanks Mikael Korpela for reporting a data exposure vulnerability within the latest posts block and REST API

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

Props to Adam Zielinski, Pascal Birchler, Peter Wilson, Juliette Reinders Folmer, Alex Concha, Ehtisham Siddiqui, Timothy Jacobs and the WordPress security team for their work on these issues.

The 4.8.16 release was led by @peterwilsoncc and @audrasjb.

List of Files Revised

wp-includes/ID3/getid3.lib.php
wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
wp-includes/blocks/latest-posts.php

Updated packages

block-library: 2.9.9
edit-post: 3.8.9
edit-widgets: 0.7.9

First published

Last updated