Title: Version 4.9.2
Author: Jb Audras
Published: January 15, 2019

---

# Version 4.9.2

## In this article

 * [Detailed Changes](https://wordpress.org/documentation/wordpress-version/version-4-9-2/?output_format=md#detailed-changes)
 * [List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-4-9-2/?output_format=md#list-of-files-revised)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-4-9-2/?output_format=md#wp--skip-link--target)

From the [WordPress 4.9.2 release post](https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/):
WordPress versions 4.9 and earlier are affected by an XSS vulnerability in the Flash
fallback files in MediaElement 4.x, a library that is included with WordPress 4.9.

In addition to the security issue above, WordPress 4.9.2 contains 22 bug fixes.

## 󠀁[Detailed Changes](https://wordpress.org/documentation/wordpress-version/version-4-9-2/?output_format=md#detailed-changes)󠁿

Bundled Theme

 * [#42820](https://core.trac.wordpress.org/ticket/42820) – Twenty Seventeen -watch
   that language

Customize

 * [#42492](https://core.trac.wordpress.org/ticket/42492) – Selecting menu location
   changes line height
 * [#42871](https://core.trac.wordpress.org/ticket/42871) – Features box textstrings
   in Feature Filter area need new linebreak

Database

 * [#42812](https://core.trac.wordpress.org/ticket/42812) – Use MySQLi when available
   by default

Editor

 * [#42664](https://core.trac.wordpress.org/ticket/42664) – Editor link autocomplete
   suggestions: no fallback title displayed for posts with no title
 * [#43012](https://core.trac.wordpress.org/ticket/43012) – Cannot Update Post in
   Firefox Due to Editor and TinyMCE JavaScript TypeErrors

External Libraries

 * [#42439](https://core.trac.wordpress.org/ticket/42439) – Update random_compat
   external library for PHP 7 linting failure

Formatting

 * [#42578](https://core.trac.wordpress.org/ticket/42578) – PHP functions inside
   <p> tags creates new <p> tag, breaking the parent tag into two.

Media

 * [#42225](https://core.trac.wordpress.org/ticket/42225) – Whitelist Flac Files
 * [#42447](https://core.trac.wordpress.org/ticket/42447) – Mark test_remove_orientation_data_on_rotate
   as skipped when exif_read_data isn’t available
 * [#42480](https://core.trac.wordpress.org/ticket/42480) – Consistent suppression
   of `getimagesize()` errors
 * [#42720](https://core.trac.wordpress.org/ticket/42720) – Remove unnecessary MediaElement.
   js files

Plugins

 * [#43082](https://core.trac.wordpress.org/ticket/43082) – Add plugins search results:
   the plugin details modal opens in the thickbox modal

REST API

 * [#42828](https://core.trac.wordpress.org/ticket/42828) – Hard-coded 403 status
   in REST response should use `rest_authorization_required_code()`

Taxonomy

 * [#42771](https://core.trac.wordpress.org/ticket/42771) – WP_Term::get_instance()
   regression for non-category terms queried with ‘category’ taxonomy
 * [#42605](https://core.trac.wordpress.org/ticket/42605) – category_description()
   does not work properly since 4.9
 * [#42717](https://core.trac.wordpress.org/ticket/42717) – get_category_link() 
   accepting object but not id

TinyMCE

 * [#42416](https://core.trac.wordpress.org/ticket/42416) – Code assumes iframe 
   mode, exception in inline mode

Upgrade/Install

 * [#42963](https://core.trac.wordpress.org/ticket/42963) – Improve deletion of 
   $_old_files during upgrades

Widgets

 * [#42603](https://core.trac.wordpress.org/ticket/42603) – Widgets Warning after
   activating theme and on dashboard widgets page
 * [#42719](https://core.trac.wordpress.org/ticket/42719) – Always attempt to restore
   widgets’ previous assignment
 * [#42867](https://core.trac.wordpress.org/ticket/42867) – HTML Widget: toggleClass()
   should be passed true/false as second param

## 󠀁[List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-4-9-2/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
     wp-admin/includes/update-core.php wp-admin/includes/media.php wp-admin/includes/image.php wp-admin/css/customize-nav-menus.min.css wp-admin/css/common-rtl.css wp-admin/css/common-rtl.min.css wp-admin/css/common.css wp-admin/css/customize-nav-menus-rtl.css wp-admin/css/customize-nav-menus-rtl.min.css wp-admin/css/common.min.css wp-admin/css/customize-nav-menus.css wp-admin/js/plugin-install.min.js wp-admin/js/editor.js wp-admin/js/plugin-install.js wp-admin/js/editor.min.js wp-admin/js/widgets/custom-html-widgets.min.js wp-admin/js/widgets/custom-html-widgets.js wp-admin/theme-install.php wp-admin/about.php wp-includes/default-filters.php wp-includes/rest-api/class-wp-rest-server.php wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php wp-includes/wp-db.php wp-includes/customize/class-wp-customize-themes-section.php wp-includes/js/mce-view.js wp-includes/js/mce-view.min.js wp-includes/js/mediaelement/mediaelement-flash-video-hls.swf wp-includes/js/mediaelement/mediaelement-flash-video-mdash.swf wp-includes/js/mediaelement/lang/cs.js wp-includes/js/mediaelement/lang/es.js wp-includes/js/mediaelement/lang/fr.js wp-includes/js/mediaelement/lang/hr.js wp-includes/js/mediaelement/lang/ko.js wp-includes/js/mediaelement/lang/nl.js wp-includes/js/mediaelement/lang/pl.js wp-includes/js/mediaelement/lang/hu.js wp-includes/js/mediaelement/lang/it.js wp-includes/js/mediaelement/lang/sk.js wp-includes/js/mediaelement/lang/zh-cn.js wp-includes/js/mediaelement/lang/uk.js wp-includes/js/mediaelement/lang/ro.js wp-includes/js/mediaelement/lang/zh.js wp-includes/js/mediaelement/lang/ca.js wp-includes/js/mediaelement/lang/pt.js wp-includes/js/mediaelement/lang/ru.js wp-includes/js/mediaelement/lang/fa.js wp-includes/js/mediaelement/lang/de.js wp-includes/js/mediaelement/lang/sv.js wp-includes/js/mediaelement/lang/ja.js wp-includes/js/mediaelement/lang wp-includes/js/mediaelement/mediaelement-flash-audio.swf wp-includes/js/mediaelement/mediaelement-flash-video.swf wp-includes/js/mediaelement/renderers/dailymotion.js wp-includes/js/mediaelement/renderers/facebook.js wp-includes/js/mediaelement/renderers/dailymotion.min.js wp-includes/js/mediaelement/renderers/facebook.min.js wp-includes/js/mediaelement/renderers/soundcloud.js wp-includes/js/mediaelement/renderers/soundcloud.min.js wp-includes/js/mediaelement/renderers/twitch.js wp-includes/js/mediaelement/renderers/twitch.min.js wp-includes/js/mediaelement/mediaelement-flash-audio-ogg.swf wp-includes/js/tinymce/plugins/wplink/plugin.js wp-includes/js/tinymce/plugins/wplink/plugin.min.js wp-includes/js/tinymce/wp-tinymce.js.gz wp-includes/category-template.php wp-includes/widgets.php wp-includes/functions.php wp-includes/media.php wp-includes/random_compat/random_bytes_mcrypt.php wp-includes/random_compat/random_bytes_dev_urandom.php wp-includes/random_compat/random_bytes_openssl.php wp-includes/random_compat/random_int.php wp-includes/random_compat/random_bytes_libsodium.php wp-includes/random_compat/random_bytes_com_dotnet.php wp-includes/random_compat/random_bytes_libsodium_legacy.php wp-includes/version.php wp-content/plugins wp-content/themes/twentyseventeen/front-page.php license.txt 
    ```

First published

January 15, 2019

Last updated