A New Update

has just been released for WordPress titled 4.6.1 that addressed several security issues that have come to light. WordPress version 4.6 codenamed “Pepper” was released less than a month ago and we now have our first update for it. There were 2 security updates and 15 bug fixes in this update.

Is This Update Necessary?

Yes, as web developers here in Durham, NC we can’t understate how important security updates are to your WordPress website. WordPress is targeted by hackers all over the world for several reasons. The first is that it is open source, meaning all code related to the platform is available, making it a preferred target. The second is because it is the most popular CMS in the world. This puts a huge target on WordPress websites, but don’t be alarmed the WordPress team is on top of these threats. If you update your software and practice good internet password hygiene you shouldn’t have anything to worry about.

What Security Fixes Were Done

Two security fixes are included in this update. A cross-site scripting vulnerability via image filename, and a path traversal vulnerability in the upgrade package uploader, reported by the WordPress security team. The fact that these issues have already been identified and fixed in less than 3 weeks in another testament to the hard work of the WordPress team.

List Of 15 Bug Fixes?

Bootstrap/Load
#37680 – PHP Warning: ini_get_all() has been disabled for security reasons

Database
#37683 – $collate and $charset can be undefined in wpdb::init_charset()
#37689 – Issues with utf8mb4 collation and the 4.6 update

Editor
#37690 – Backspace causes jumping

Email
#37736 – Emails fail on certain server setups

External Libraries
#37700 – Warning: curl_exec() has been disabled for security reasons (Requests library)
#37720 – The minified version of the Masonry shim was not updated in #37666 (Masonry library)

HTTP API
#37733 – cURL error 3: malformed for remote requests
#37768 – HTTP API no longer accepts integer and float values for the cookies argument

Post Thumbnails
#37697 – Strange behavior with thumbnails on preview in 4.6

Script Loader
#37800 – Close “link rel” dns-prefetch tag

Taxonomy
#37721 – Improve error handling of is_object_in_term in taxonomy.php

Themes
#37755 – Visual Editor: Weird unicode (Vietnamese) characters display on WordPress 4.6

TinyMCE
#37760 – Problem with RTL

Upgrade/Install
#37731 – Infinite loop in _wp_json_sanity_check() during plugin install

Choose Oak City Tech, Your Local Web Design & SEO Company

We're local to the Raleigh/Durham/Chapel Hill area known as RTP, we take in person meetings, and we love to help local businesses and organizations succeed online. Contact us today and let us know how we can help you. We're serving actual local businesses and organizations and they're talking about us online.