Version 5.4.7

On September 8, 2021, WordPress 5.4.7 was released to the public.

Installation/Update Information

To get this version, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

Security updates

3 security issues affects WordPress versions between 5.4 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 5.4 have also been updated to fix the following security issues:

  • Props @mdawaffe, member of the WordPress Security Team for their work fixing a data exposure vulnerability within the REST API.
  • Props to Michał Bentkowski of Securitum for reporting a XSS vulnerability in the block editor.
  • The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes.

In addition to these fixes, the security team would like to thank Steve Henty and Evan Ricafort for reporting a XSS vulnerability discovered during the 5.8 release’s beta period. This was previously fixed in the final release of WordPress 5.8.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

This version of WordPress was led by Jonathan Desrosiers and Evan Mullins.

List of Files Revised

wp-admin/about.php
wp-includes/functions.php

Updated packages

@wordpress/annotations@1.12.4
@wordpress/block-directory@1.5.9
@wordpress/block-editor@3.7.9
@wordpress/block-library@2.14.10
@wordpress/blocks@6.12.4
@wordpress/components@9.2.7
@wordpress/core-data@2.12.4
@wordpress/dom@2.8.1
@wordpress/e2e-tests@1.12.10
@wordpress/edit-post@3.13.12
@wordpress/edit-site@1.3.9
@wordpress/editor@9.12.9
@wordpress/format-library@1.14.9
@wordpress/list-reusable-blocks@1.13.7
@wordpress/nux@3.12.7
@wordpress/rich-text@3.12.3
@wordpress/server-side-render@1.8.7

First published

Last updated