WordPress 5.4.2 released: bug maintenance and security update

新逸网络

 

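WordPress 5.4.2 was released on June 10, and on the 11th many site owners received the automatic-update notification e-mail.

Content of the automatic-update e-mail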

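Howdy! Your site at https://www.baidu.com has been successfully updated to WordPress 5.4.2.

No further action is needed on your part. For more information about version 5.4.2, see the "About WordPress" screen:
https://www.baidu.com/wp-admin/about.php

If you experience any issues or need help, the volunteers in the WordPress.org support forums may be able to help.
https://wordpress.org/support/forums/

Some of your plugins or themes also have updates available. Please update them:
https://www.baidu.com/wp-admin/

The WordPress Team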




Update details (official English version)

Official URL:
https://wordpress.org/support/wordpress-version/version-5-4-2/

Version 5.4.2

On June 10, 2020, WordPress 5.4.2 was released to the public.

Installation/Update Information
To download WordPress 5.4.2, update automatically from the Dashboard > Updates menu in your site’s admin area or visit the WordPress releases archive.

For step-by-step instructions on installing and updating WordPress:

  • Updating WordPress

If you are new to WordPress, we recommend that you begin with the following:

  • New To WordPress – Where to Start
  • First Steps With WordPress or Upgrading WordPress Extended
  • WordPress Lessons

Summary

Security updates
Five security issues affect WordPress versions 5.4 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor
Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect()
Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads
Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation
Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

Maintenance updates
WordPress 5.4.2 features 22 bug and regression fixes on both core and default themes.

49956 – Spammers able to share unmoderated comments (see related devnote below)
49749 – Registering rest routes with a slash-prefixed namespace give inconsistent results
49798 – Default WordPress favicon in dark mode browsers
49808 – WordPress 5.4: Deprecated: tag_row_actions is deprecated since version 3.0.0
50121 – About page: correcting the order of headings
50131 – Absent custom favicon triggers wp-admin .htaccess/.htpasswd prompt on frontend in Firefox
49353 – button padding issue in edit plug on small device
37926 – Twenty Eleven & Twenty Twelve: Dropdown category widget exceeds parent div when strings are long enough
45865 – Twenty Nineteen: Consider decreasing the font size for widget titles
48803 – Twenty Twenty: Custom post type that doesn’t support author, shows author
48916 – Twenty Twenty: anchor links don’t work in mobile menu
49088 – Twenty Twenty: Add icon for g.page links (Google business profile)
49316 – Twenty Twenty missed license for images.
49320 – Twenty Twenty: aligncenter>figcaption missing text-align: center; feature
49322 – Twenty Twenty: Submenu items disappear underneath the Cover block
49435 – Twenty Twenty: inconsistent top and bottom margins for .alignwide and .alignfull on Chrome vs Safari (cross browser issue)
49699 – Twenty Nineteen: Center- and right-aligned heading accents appear broken
49793 – Twenty Twenty: Images in list blocks are not positioned correctly
49893 – TwentyTwenty: TikTok and ResearchGate Social Icons
49932 – Small Typo in Twenty-Twenty

Thank you to everyone who contributed to WordPress 5.4.2:

Andrea Fercia, argentite, M Asif Rahman, Jb Audras, Ayesh Karunaratne, bdcstr, Delowar Hossain, Rob Migchels, donmhico, Emilie LEBRUN, finomeno, garethgillman, Giorgio25b, Gabriel Maldonado, Hector F, Ian Belanger, Mathieu Viet, Javier Casares, Joe McGill, jonkolbert, Jono Alderson, Joy, Tammie Lister, Kjell Reigstad, KT, markusthiel, Mayank Majeji, Mel Choyce-Dwan, mislavjuric, Mukesh Panchal, Nikhil Bhansi, oakesjosh, Dominik Schilling, Arslan Ahmed, Peter Wilson, Carolina Nymark, Stephen Bernhardt, Sam Fullalove, Alain Schlesser, Sergey Biryukov, skarabeq, Toni Viemerö, suzylah, Timothy Jacobs, TeBenachi, Jake Spurlock and yuhin.

For more information, browse the full list of changes on Trac.

Notes for developers

List of Files Revised
wp-admin/about.php
wp-admin/themes.php
wp-admin/css/common.css
wp-admin/images/w-logo-blue.png
wp-admin/includes/class-wp-site-health.php
wp-admin/includes/class-wp-terms-list-table.php
wp-admin/includes/media.php
wp-admin/includes/misc.php
wp-admin/includes/theme.php
wp-content/themes/twentyeleven/style.css
wp-content/themes/twentynineteen/sass/mixins/_mixins-master.scss
wp-content/themes/twentynineteen/sass/site/secondary/_widgets.scss
wp-content/themes/twentynineteen/style-editor.css
wp-content/themes/twentynineteen/style-rtl.css
wp-content/themes/twentynineteen/style.css
wp-content/themes/twentytwelve/style.css
wp-content/themes/twentytwenty/assets/js/index.js
wp-content/themes/twentytwenty/classes/class-twentytwenty-svg-icons.php
wp-content/themes/twentytwenty/inc/template-tags.php
wp-content/themes/twentytwenty/readme.txt
wp-content/themes/twentytwenty/style-rtl.css
wp-content/themes/twentytwenty/style.css
wp-content/themes/twentytwenty/template-parts/content-cover.php
wp-content/themes/twentytwenty/template-parts/content.php
wp-includes/class-walker-comment.php
wp-includes/class-wp-comment-query.php
wp-includes/class-wp.php
wp-includes/comment-template.php
wp-includes/comment.php
wp-includes/default-filters.php
wp-includes/embed.php
wp-includes/functions.php
wp-includes/images/w-logo-blue-white-bg.png
wp-includes/pluggable.php
wp-includes/rest-api.php
wp-includes/version.php
package-lock.json
package.json
wp-comments-post.php

Updated packages
@wordpress/block-library: 2.4.7
@wordpress/edit-post: 3.3.7




Appendix: how to turn off automatic updates (not recommended)

  • Edit wp-config.php and add the following:
define('AUTOMATIC_UPDATER_DISABLED', true);
  • Or add this to the theme's functions.php file:
add_filter( 'automatic_updater_disabled', '__return_true' );
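
An added example (not from the original post and not WordPress code): a Python audit that reads `wp-includes/version.php`, `wp-config.php` and the themes' `functions.php` files, and flags 5.4.x installs below 5.4.2, in particular those where either switch above has turned the updater off. The function names, status strings and line-anchored regexes are assumptions of this example.

```python
import re
from pathlib import Path

FIXED_54 = (5, 4, 2)  # fixed release for the 5.4 branch, as stated on this page
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")
# The two switches from the appendix; anchoring at line start skips // and # comments.
DEFINE_RE = re.compile(
    r"""(?im)^\s*define\(\s*['"]AUTOMATIC_UPDATER_DISABLED['"]\s*,\s*(?:true|1)\s*\)""")
FILTER_RE = re.compile(
    r"""(?m)^\s*add_filter\(\s*['"]automatic_updater_disabled['"]\s*,\s*['"]__return_true['"]""")

def parse_version(version_php):
    """Return (major, minor, patch) from the text of wp-includes/version.php."""
    m = VERSION_RE.search(version_php)
    nums = re.match(r"\d+(?:\.\d+)*", m.group(1)) if m else None
    if not nums:
        return None
    parts = [int(p) for p in nums.group(0).split(".")]
    return tuple((parts + [0, 0])[:3])

def audit(version_php, wp_config="", theme_functions=()):
    """Classify one install from file contents; returns (status, disabled_by)."""
    disabled_by = []
    if DEFINE_RE.search(wp_config):
        disabled_by.append("wp-config.php")
    if any(FILTER_RE.search(src) for src in theme_functions):
        disabled_by.append("functions.php")
    version = parse_version(version_php)
    if version is None:
        status = "unknown"
    elif version >= FIXED_54:
        status = "patched"
    elif version[:2] == (5, 4):
        # Unpatched 5.4.x: with the updater off it will not fix itself.
        status = "update-manually" if disabled_by else "update-pending"
    else:
        # Older branches have their own fixed releases, which this page does not list.
        status = "check-branch"
    return status, disabled_by

def _read(path):
    return path.read_text(errors="replace") if path.is_file() else ""

def audit_site(root):
    """Read the relevant files under a WordPress root directory and audit them."""
    root = Path(root)
    themes = [_read(p) for p in root.glob("wp-content/themes/*/functions.php")]
    return audit(_read(root / "wp-includes/version.php"),
                 _read(root / "wp-config.php"), themes)
```

To hold back major upgrades while still receiving security releases, `define( 'WP_AUTO_UPDATE_CORE', 'minor' );` in wp-config.php is the narrower setting; it leaves minor releases such as 5.4.2 on automatic update.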
