{"id":17195,"date":"2024-04-09T22:00:18","date_gmt":"2024-04-09T22:00:18","guid":{"rendered":"https:\/\/wordpress.org\/news\/?p=17195"},"modified":"2024-04-10T20:50:13","modified_gmt":"2024-04-10T20:50:13","slug":"wordpress-6-5-2-maintenance-and-security-release","status":"publish","type":"post","link":"https:\/\/wordpress.org\/news\/2024\/04\/wordpress-6-5-2-maintenance-and-security-release\/","title":{"rendered":"WordPress 6.5.2 Maintenance and Security Release"},"content":{"rendered":"\n<p><strong>Note: Due to an issue with the initial package, WordPress 6.5.1 was not released. 6.5.2 is the first minor release for WordPress 6.5.<\/strong><\/p>\n\n\n\n<p>This security and maintenance release features <a href=\"https:\/\/core.trac.wordpress.org\/query?status=closed&amp;id=!60398&amp;milestone=6.5.2&amp;group=status&amp;order=priority\">2 bug fixes on Core<\/a>, <a href=\"https:\/\/github.com\/WordPress\/gutenberg\/pull\/60577\">12 bug fixes for the Block Editor<\/a>, and 1 security fix.<\/p>\n\n\n\n<p><strong>Because this is a security release, it is recommended that you update your sites immediately.<\/strong> Backports are also available for other major WordPress releases, 6.0 and later.<\/p>\n\n\n\n<p>You can <a href=\"https:\/\/wordpress.org\/wordpress-6.5.2.zip\">download WordPress 6.5.2 from WordPress.org<\/a>, or visit your WordPress Dashboard, click \u201cUpdates\u201d, and then click \u201cUpdate Now\u201d. If you have sites that support automatic background updates, the update process will begin automatically.<\/p>\n\n\n\n<p>WordPress 6.5.2 is a short-cycle release. The next major release will be <a href=\"https:\/\/make.wordpress.org\/core\/6-6\/\">version 6.6<\/a> and is currently planned for 16 July 2024.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Security updates included in this release<\/h2>\n\n\n\n<p>The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A cross-site scripting (XSS) vulnerability affecting the Avatar block type; reported by <a href=\"https:\/\/johnblackbourn.com\/\">John Blackbourn<\/a> of the WordPress security team. Many thanks to <a href=\"https:\/\/twitter.com\/stealthcopter\">Mat Rollings<\/a> for assisting with the research.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Thank you to these WordPress contributors<\/h2>\n\n\n\n<p>This release was led by <a href=\"https:\/\/profiles.wordpress.org\/johnbillion\/\">John Blackbourn<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/isabel_brison\/\">Isabel Brison<\/a>, and <a href=\"https:\/\/profiles.wordpress.org\/jorbin\/\">Aaron Jorbin<\/a>.<\/p>\n\n\n\n<p>WordPress 6.5.2 would not have been possible without the contributions of the following people. Their asynchronous coordination to deliver maintenance and security fixes into a stable release is a testament to the power and capability of the WordPress community.<\/p>\n\n\n\n<p class=\"is-style-wporg-props-medium\"><a href=\"https:\/\/profiles.wordpress.org\/jorbin\/\">Aaron Jorbin<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/wildworks\">Aki Hamano<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/andraganescu\">Andrei Draganescu<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/artemiosans\">Artemio Morales<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/iCaleb\">Caleb Burks<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/colind\">colind<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/talldanwp\">Daniel Richards<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/ocean90\">Dominik Schilling<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/fabiankaegy\">Fabian K\u00e4gy<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/mamaduka\">George Mamadashvili<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/gziolo\">Greg Zi\u00f3\u0142kowski<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/isabel_brison\">Isabel Brison<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/audrasjb\">Jb Audras<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/joemcgill\">Joe McGill<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/johnbillion\">John Blackbourn<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/desrosj\">Jonathan Desrosiers<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/thelovekesh\">Lovekesh Kumar<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/mmaattiiaass\">Matias Benedetto<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/mukesh27\">Mukesh Panchal<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/swissspidy\">Pascal Birchler<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/peterwilsoncc\">Peter Wilson<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/sean212\">Sean Fisher<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/SergeyBiryukov\">Sergey Biryukov<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/coffee2code\/\">Scott Reilly<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to contribute<\/h2>\n\n\n\n<p>To get involved in WordPress core development, head over to Trac, <a href=\"https:\/\/core.trac.wordpress.org\/report\/6\">pick a ticket<\/a>, and join the conversation in the <a href=\"https:\/\/wordpress.slack.com\/archives\/C02RQBWTW\">#core<\/a> channel. Need help? Check out the <a href=\"https:\/\/make.wordpress.org\/core\/handbook\/\">Core Contributor Handbook<\/a>.<\/p>\n\n\n\n<p><em>Thanks to <a href=\"https:\/\/profiles.wordpress.org\/johnbillion\/\">John Blackbourn<\/a>, <em><a href=\"https:\/\/profiles.wordpress.org\/ehtis\">Ehtisham S.<\/a>,<\/em><\/em> <a href=\"https:\/\/profiles.wordpress.org\/audrasjb\">Jb Audras<\/a>, <em>and <em><a href=\"https:\/\/profiles.wordpress.org\/angelasjin\/\">Angela Jin<\/a><\/em> for proofreading.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Note: Due to an issue with the initial package, WordPress 6.5.1 was not released. 6.5.2 is the first minor release for WordPress 6.5. This security and maintenance release features 2 bug fixes on Core, 12 bug fixes for the Block Editor, and 1 security fix. Because this is a security release, it is recommended that [&hellip;]<\/p>\n","protected":false},"author":2738372,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"episode_type":"","audio_file":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","date_recorded":"","explicit":"","block":"","filesize_raw":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[14,15],"tags":[],"class_list":["post-17195","post","type-post","status-publish","format-standard","hentry","category-releases","category-security"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pZhYe-4tl","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/17195","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/users\/2738372"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/comments?post=17195"}],"version-history":[{"count":9,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/17195\/revisions"}],"predecessor-version":[{"id":17204,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/17195\/revisions\/17204"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/media?parent=17195"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/categories?post=17195"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/tags?post=17195"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}