WordPress 4.7.1 Security Update

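According to official statistics, WordPress 4.7 has been downloaded more than 14 million times since its official release. Today the WordPress development team released WordPress 4.7.1. This is a security update, and everyone is advised to upgrade immediately!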

WordPress 4.7.1 screenshot


Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was reported to PHPMailer by Dawid Golunski and Paul Buonopane.
The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. Reported by Krogsgard and Chris Jean.
Cross-site scripting (XSS) via the plugin name or version header on update-core.php. Reported by Dominik Schilling of the WordPress Security Team.
Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by Abdullah Hussam.
Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince.
Post via email checks mail.example.com if default settings aren’t changed. Reported by John Blackbourn of the WordPress Security Team.
A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing. Reported by Ronnie Skansing.
Weak cryptographic security for multisite activation key. Reported by Jack.

Revised files

wp-includes/class-wp-editor.php
wp-includes/class-wp-theme.php
wp-includes/class-wp-image-editor-imagick.php
wp-includes/class-phpmailer.php
wp-includes/version.php
wp-includes/customize/class-wp-customize-selective-refresh.php
wp-includes/customize/class-wp-customize-custom-css-setting.php
wp-includes/script-loader.php
wp-includes/feed-rss2.php
wp-includes/post-template.php
wp-includes/theme.php
wp-includes/functions.php
wp-includes/media.php
wp-includes/class-wp-customize-manager.php
wp-includes/js/customize-selective-refresh.min.js
wp-includes/js/customize-preview.js
wp-includes/js/wplink.js
wp-includes/js/customize-preview-nav-menus.js
wp-includes/js/wp-api.min.js
wp-includes/js/customize-selective-refresh.js
wp-includes/js/wp-api.js
wp-includes/js/customize-preview.min.js
wp-includes/js/wplink.min.js
wp-includes/js/customize-preview-nav-menus.min.js
wp-includes/default-filters.php
wp-includes/feed.php
wp-includes/class-wp-customize-nav-menus.php
wp-includes/ms-functions.php
wp-includes/comment.php
wp-includes/class-wp-customize-widgets.php
wp-includes/taxonomy.php
wp-includes/post.php
wp-includes/rest-api/class-wp-rest-request.php
wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
wp-includes/load.php
wp-includes/class-smtp.php
wp-includes/css/customize-preview.min.css
wp-includes/css/customize-preview-rtl.css
wp-includes/css/customize-preview-rtl.min.css
wp-includes/css/customize-preview.css
wp-mail.php
wp-content/themes/twentyseventeen/README.txt
wp-content/themes/twentyseventeen/style.css
wp-content/themes/twentyseventeen/functions.php
wp-content/themes/twentyseventeen/assets/js/customize-controls.js
license.txt
wp-admin/css/edit-rtl.css
wp-admin/css/customize-nav-menus-rtl.css
wp-admin/css/edit-rtl.min.css
wp-admin/css/customize-nav-menus-rtl.min.css
wp-admin/css/edit.css
wp-admin/css/customize-nav-menus.css
wp-admin/css/edit.min.css
wp-admin/css/customize-nav-menus.min.css
wp-admin/widgets.php
wp-admin/update-core.php
wp-admin/about.php
wp-admin/includes/image.php
wp-admin/includes/post.php
wp-admin/includes/class-wp-screen.php
wp-admin/edit-tags.php
wp-admin/js/customize-controls.min.js
wp-admin/js/updates.js
wp-admin/js/customize-nav-menus.min.js
wp-admin/js/customize-controls.js
wp-admin/js/theme.min.js
wp-admin/js/updates.min.js
wp-admin/js/customize-nav-menus.js
wp-admin/js/theme.js

(End)

Unless otherwise noted, all content is original; please credit the source when reposting.
Link to this article: http://www.wptoutiao.com/news/49.html
