On October 17, 2022, WordPress 4.9.21 was released to the public.
To get this version, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release.
- Media: Refactor search by filename within the admin,
- REST API: Lockdown post parameter of the terms endpoint,
- Customize: Escape blogname option in underscores templates,
- Query: Validate relation in
- Posts, Post types: Apply KSES to post-by-email content,
- General: Validate host on “Are you sure?” screen,
- Posts, Post types: Remove emails from post-by-email logs,
- Pings/trackbacks: Apply KSES to all trackbacks,
- Mail: Reset PHPMailer properties between use,
- Widgets: Escape RSS error messages for display.
The release would not have been possible without the contributions of the following people. Their asynchronous coordination to deliver several fixes into a stable release is a testament to the power and capability of the WordPress community.
@audrasjb, @costdev, @cu121, @dd32, @davidbaumwald, @ehtis, @johnbillion, @johnjamesjacoby, @martinkrcho, @matveb, @oztaser, @paulkevan, @peterwilsoncc,@ravipatel, @SergeyBiryukov, @talldanwp, @timothyblynjacobs, @tykoted, @voldemortensen, @vortfu, and @xknown.