On April 14, 2021, WordPress 5.3.7 was released to the public.
Installation/Update Information Installation/Update Information
To get this version, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Security updates Security updates
Two security issues affect WordPress versions between 4.7 and 5.7. If you haven’t yet updated to 5.7, all WordPress versions since 4.7 have also been updated to fix the following security issues:
- thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8
- thanks Mikael Korpela for reporting a data exposure vulnerability within the latest posts block and REST API
Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.
List of Files Revised List of Files Revised
wp-includes/ID3/getid3.lib.php wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php wp-includes/blocks/latest-posts.php
Updated packages Updated packages
block-library: 2.9.9 edit-post: 3.8.9 edit-widgets: 0.7.9