{"id":3827,"date":"2015-08-04T12:10:40","date_gmt":"2015-08-04T12:10:40","guid":{"rendered":"http:\/\/wordpress.org\/news\/?p=3827"},"modified":"2022-11-18T22:53:52","modified_gmt":"2022-11-18T22:53:52","slug":"wordpress-4-2-4-security-and-maintenance-release","status":"publish","type":"post","link":"https:\/\/wordpress.org\/news\/2015\/08\/wordpress-4-2-4-security-and-maintenance-release\/","title":{"rendered":"WordPress 4.2.4 Security and Maintenance Release"},"content":{"rendered":"<p>WordPress 4.2.4 is now available. This is a<strong>\u00a0security release<\/strong>\u00a0for all previous versions and we strongly encourage you to update your sites immediately.<\/p>\n<p>This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by <a href=\"https:\/\/sucuri.net\/\">Marc-Alexandre Montpas<\/a> of Sucuri, <a href=\"http:\/\/helenhousandi.com\/\">Helen Hou-Sand\u00ed<\/a> of the WordPress security team, <a href=\"http:\/\/www.checkpoint.com\/\">Netanel Rubin<\/a> of Check Point, and <a href=\"https:\/\/hackerone.com\/reactors08\">Ivan Grigorov<\/a>. It also includes a fix for a potential timing side-channel attack, discovered by <a href=\"http:\/\/www.scrutinizer-ci.com\/\">Johannes Schmitt<\/a> of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by <a href=\"https:\/\/www.linkedin.com\/in\/symbiansymoh\">Mohamed A. Baset<\/a>.<\/p>\n<p>Our thanks to those who have practiced\u00a0<a href=\"https:\/\/make.wordpress.org\/core\/handbook\/testing\/reporting-security-vulnerabilities\/\">responsible disclosure<\/a>\u00a0of security issues.<\/p>\n<p>WordPress 4.2.4 also fixes four\u00a0bugs.\u00a0For more information, see the\u00a0<a href=\"https:\/\/codex.wordpress.org\/Version_4.2.4\">release notes<\/a>\u00a0or consult the\u00a0<a href=\"https:\/\/core.trac.wordpress.org\/log\/branches\/4.2?rev=33573&amp;stop_rev=33396\">list of changes<\/a>.<\/p>\n<p><a href=\"https:\/\/wordpress.org\/download\/\">Download WordPress 4.2.4<\/a>\u00a0or venture over to Dashboard \u2192 Updates and simply click \u201cUpdate Now.\u201d Sites that support automatic background updates are already beginning to update to WordPress 4.2.4.<\/p>\n<p><em>Already testing WordPress 4.3? The second\u00a0release candidate is now available (<a href=\"https:\/\/wordpress.org\/wordpress-4.3-RC2.zip\">zip<\/a>) and it contains these fixes. For more on 4.3, see\u00a0<a href=\"https:\/\/wordpress.org\/news\/2015\/07\/wordpress-4-3-release-candidate\/\">the RC\u00a01 announcement post<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress 4.2.4 is now available. This is a\u00a0security release\u00a0for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sand\u00ed [&hellip;]<\/p>\n","protected":false},"author":12560283,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"episode_type":"","audio_file":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","date_recorded":"","explicit":"","block":"","filesize_raw":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[14,15],"tags":[164,437],"class_list":["post-3827","post","type-post","status-publish","format-standard","hentry","category-releases","category-security","tag-4-2","tag-minor-releases"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pZhYe-ZJ","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/3827","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/comments?post=3827"}],"version-history":[{"count":11,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/3827\/revisions"}],"predecessor-version":[{"id":3843,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/3827\/revisions\/3843"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wporg\/v1\/users\/samuelsidler"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/media?parent=3827"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/categories?post=3827"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/tags?post=3827"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}