WordPress 5.8.1 is now available!
This security and maintenance release featuresย 60 bugย fixesย in addition to 3 security fixes. Because this is aย security release, it is recommended that you update your sites immediately. All versions since WordPress 5.4 have also been updated.
WordPress 5.8.1 is a short-cycle security and maintenance release. The next major release will be versionย 5.9.
You can download WordPress 5.8.1 by downloading from WordPress.org, or visit your Dashboard โ Updates and click Update Now.
If you have sites that support automatic background updates, theyโve already started the update process.
Security Updates
3 security issues affect WordPress versions between 5.4 and 5.8. If you havenโt yet updated to 5.8, all WordPress versions since 5.4 have also been updated to fix the following security issues:
- Propsย @mdawaffe, member of the WordPress Security Team for their work fixing a data exposure vulnerability within the REST API.
- Props to Michaล Bentkowski of Securitum for reporting a XSS vulnerability in the block editor.
- The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes.
In addition to these issues, the security team would like to thank the following people for reporting vulnerabilities during the WordPress 5.8 beta testing period, allowing them to be fixed prior to release:
- Propsย Evan Ricafortย for reporting a XSS vulnerability in the block editor discovered during the 5.8 releaseโs beta period.
- Propsย Steve Hentyย for reporting a privilege escalation issue in the block editor.
Thank you to all of the reporters forย privately disclosing the vulnerabilities. This gave the WordPress security team time to fix the vulnerabilities before WordPress sites could be attacked.
For more information, browse theย full list of changesย on Trac, or check out theย version 5.8.1 HelpHub documentation page.
Reposted from WordPress
