WordPress Wednesday #4: Do I Really Need To Update To WordPress 4.6.1?
A New Update
A new update for WordPress, version 4.6.1, has just been released to address several security issues that have come to light. WordPress version 4.6, codenamed “Pepper”, was released less than a month ago, and we now have our first update for it. There were 2 security updates and 15 bug fixes in this update.
Is This Update Necessary?
Yes. As web developers here in Durham, NC, we can’t overstate how important security updates are to your WordPress website. WordPress is targeted by hackers all over the world for several reasons. The first is that it is open source, meaning all code related to the platform is available, making it a preferred target. The second is that it is the most popular CMS in the world. This puts a huge target on WordPress websites, but don’t be alarmed: the WordPress team is on top of these threats. If you update your software and practice good internet password hygiene, you shouldn’t have anything to worry about.
What Security Fixes Were Done
Two security fixes are included in this update: a cross-site scripting vulnerability via image filename, and a path traversal vulnerability in the upgrade package uploader, reported by the WordPress security team. The fact that these issues have already been identified and fixed in less than 3 weeks is another testament to the hard work of the WordPress team.
List Of 15 Bug Fixes?
#37680 – PHP Warning: ini_get_all() has been disabled for security reasons
#37683 – $collate and $charset can be undefined in wpdb::init_charset()
#37689 – Issues with utf8mb4 collation and the 4.6 update
#37690 – Backspace causes jumping
#37736 – Emails fail on certain server setups
#37700 – Warning: curl_exec() has been disabled for security reasons (Requests library)
#37720 – The minified version of the Masonry shim was not updated in #37666 (Masonry library)
#37733 – cURL error 3: malformed for remote requests
#37768 – HTTP API no longer accepts integer and float values for the cookies argument
#37697 – Strange behavior with thumbnails on preview in 4.6
#37800 – Close “link rel” dns-prefetch tag
#37721 – Improve error handling of is_object_in_term in taxonomy.php
#37755 – Visual Editor: Weird unicode (Vietnamese) characters display on WordPress 4.6
#37760 – Problem with RTL
#37731 – Infinite loop in _wp_json_sanity_check() during plugin install