WordPress 5.7.1 Security and Maintenance Release

WordPress 5.7.1 is now available!

This security and maintenance release featuresย 26 bug fixesย in addition to two security fixes. Because this is aย security release, it is recommended that you update your sites immediately. All versions since WordPress 4.7 have also been updated.

WordPress 5.7.1 is a short-cycle security and maintenance release. The next major release will be version 5.8.

You can download WordPress 5.7.1 by downloading from WordPress.org, or visit your Dashboard โ†’ Updates and click Update Now.

If you have sites that support automatic background updates, theyโ€™ve already started the update process.

Security Updates

Two security issues affect WordPress versions between 4.7 and 5.7. If you havenโ€™t yet updated to 5.7, all WordPress versions since 4.7 have also been updated to fix the following security issues:

  • Thank youย SonarSourceย for reporting an XXE vulnerability within the media library affecting PHP 8.
  • Thanksย Mikael Korpelaย for reporting a data exposure vulnerability within the REST API.

Thank you to all of the reporters forย privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

Props toย Adam Zielinski,ย Pascal Birchler,ย Peter Wilson,ย Juliette Reinders Folmer,ย Alex Concha,ย Ehtisham Siddiqui,ย Timothy Jacobsย and the WordPress security team for their work on these issues.

For more information, browse theย full list of changesย on Trac, or check out theย version 5.7.1 HelpHub documentation page.

Reposted from WordPress

Leave a Reply

Your email address will not be published. Required fields are marked *