{"id":4065,"date":"2016-02-02T17:57:13","date_gmt":"2016-02-02T17:57:13","guid":{"rendered":"https:\/\/wordpress.org\/news\/?p=4065"},"modified":"2022-11-18T22:53:52","modified_gmt":"2022-11-18T22:53:52","slug":"wordpress-4-4-2-security-and-maintenance-release","status":"publish","type":"post","link":"https:\/\/wordpress.org\/news\/2016\/02\/wordpress-4-4-2-security-and-maintenance-release\/","title":{"rendered":"WordPress 4.4.2 Security and Maintenance Release"},"content":{"rendered":"<p>WordPress 4.4.2 is now available. This is a\u00a0<strong>security release<\/strong>\u00a0for all previous versions and we strongly encourage you to update your sites immediately.<\/p>\n<p>WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by <a href=\"https:\/\/www.linkedin.com\/in\/ronni-skansing-36143b65\">Ronni Skansing<\/a>; and an open redirection attack, reported by <a href=\"https:\/\/twitter.com\/shailesh4594\">Shailesh Suthar<\/a>.<\/p>\n<p>Thank you to both reporters for practicing <a href=\"https:\/\/make.wordpress.org\/core\/handbook\/testing\/reporting-security-vulnerabilities\/\">responsible disclosure<\/a>.<\/p>\n<p>In addition to the security issues above,\u00a0WordPress 4.4.2 fixes 17 bugs from 4.4 and 4.4.1. For more information, see the\u00a0<a href=\"https:\/\/codex.wordpress.org\/Version_4.4.2\">release notes<\/a>\u00a0or consult the\u00a0<a href=\"https:\/\/core.trac.wordpress.org\/query?milestone=4.4.2\">list of changes<\/a>.<\/p>\n<p><a href=\"https:\/\/wordpress.org\/download\/\">Download WordPress 4.4.2<\/a>\u00a0or venture over to Dashboard \u2192 Updates and simply click \u201cUpdate Now.\u201d Sites that support automatic background updates are already beginning to update to WordPress 4.4.2.<\/p>\n<p>Thanks to everyone who contributed to 4.4.2:<\/p>\n<p><a href=\"https:\/\/profiles.wordpress.org\/afercia\/\">Andrea Fercia<\/a>,\u00a0<a href=\"https:\/\/profiles.wordpress.org\/berengerzyla\/\">berengerzyla<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/boonebgorges\/\">Boone Gorges<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/chandrapatel\/\">Chandra Patel<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/chriscct7\/\">Chris Christoff<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/dd32\/\">Dion Hulse<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/ocean90\/\">Dominik Schilling<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/firebird75\/\">firebird75<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/ivankristianto\/\">Ivan Kristianto<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/jmdodd\/\">Jennifer M. Dodd<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/salvoaranzulla\/\">salvoaranzulla<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress 4.4.2 is now available. This is a\u00a0security release\u00a0for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar. Thank you [&hellip;]<\/p>\n","protected":false},"author":12560283,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"episode_type":"","audio_file":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","date_recorded":"","explicit":"","block":"","filesize_raw":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[14,15],"tags":[179,437],"class_list":["post-4065","post","type-post","status-publish","format-standard","hentry","category-releases","category-security","tag-4-4","tag-minor-releases"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pZhYe-13z","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/4065","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/comments?post=4065"}],"version-history":[{"count":9,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/4065\/revisions"}],"predecessor-version":[{"id":13945,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/4065\/revisions\/13945"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wporg\/v1\/users\/samuelsidler"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/media?parent=4065"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/categories?post=4065"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/tags?post=4065"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}