{"id":4311,"date":"2016-06-18T09:38:15","date_gmt":"2016-06-18T09:38:15","guid":{"rendered":"https:\/\/wordpress.org\/news\/?p=4311"},"modified":"2022-11-18T22:53:15","modified_gmt":"2022-11-18T22:53:15","slug":"wordpress-4-5-3","status":"publish","type":"post","link":"https:\/\/wordpress.org\/news\/2016\/06\/wordpress-4-5-3\/","title":{"rendered":"WordPress 4.5.3 Maintenance and Security Release"},"content":{"rendered":"<p>WordPress 4.5.3 is now available.\u00a0This is a\u00a0<strong>security release<\/strong>\u00a0for all previous versions and we strongly encourage you to update your sites immediately.<\/p>\n<p>WordPress versions 4.5.2 and earlier are affected by several\u00a0security issues: redirect bypass in the customizer, reported by\u00a0<a href=\"http:\/\/yassineaboukir.com\">Yassine Aboukir<\/a>; two different XSS problems via attachment names, reported by\u00a0<a href=\"https:\/\/klikki.fi\/\">Jouko Pynn\u00f6nen<\/a>\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/divy_er\">Divyesh Prajapati<\/a>; revision history information disclosure, reported independently by <a href=\"https:\/\/profiles.wordpress.org\/johnbillion\/\">John Blackbourn<\/a>\u00a0from the WordPress security team and by\u00a0Dan Moen from the Wordfence Research Team; oEmbed denial of service reported by Jennifer Dodd from Automattic; unauthorized category removal from a post, reported by\u00a0David Herrera from\u00a0<a href=\"https:\/\/www.alleyinteractive.com\/\">Alley Interactive<\/a>; password change via stolen cookie, reported by <a href=\"https:\/\/blogwaffe.com\/\">Michael Adams<\/a> from the WordPress security team; and some less secure <code>sanitize_file_name<\/code> edge cases reported by <a href=\"http:\/\/peter.westwood.name\/\">Peter Westwood<\/a>\u00a0of \u00a0the WordPress security team.<\/p>\n<p>Thank you to the\u00a0reporters for practicing <a href=\"https:\/\/make.wordpress.org\/core\/handbook\/testing\/reporting-security-vulnerabilities\/\">responsible disclosure<\/a>.<\/p>\n<p>In addition to the security issues above,\u00a0WordPress 4.5.3 fixes 17 bugs from 4.5, 4.5.1 and 4.5.2. For more information, see the\u00a0<a href=\"https:\/\/codex.wordpress.org\/Version_4.5.3\">release notes<\/a>\u00a0or consult the\u00a0<a href=\"https:\/\/core.trac.wordpress.org\/query?milestone=4.5.3\">list of changes<\/a>.<\/p>\n<p><a href=\"https:\/\/wordpress.org\/download\/\">Download WordPress 4.5.3<\/a>\u00a0or venture over to Dashboard \u2192 Updates and simply click \u201cUpdate Now.\u201d Sites that support automatic background updates are already beginning to update to WordPress 4.5.3.<\/p>\n<p>Thanks to everyone who contributed to 4.5.3:<\/p>\n<p><a href=\"https:\/\/profiles.wordpress.org\/boonebgorges\/\">Boone Gorges<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/neverything\/\">Silvan Hagen<\/a>,\u00a0<a href=\"https:\/\/profiles.wordpress.org\/vortfu\/\">vortfu<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/ericlewis\/\">Eric Andrew Lewis<\/a>,\u00a0<a href=\"https:\/\/profiles.wordpress.org\/nbachiyski\/\">Nikolay Bachiyski<\/a>, \u00a0<a href=\"https:\/\/profiles.wordpress.org\/mdawaffe\/\">Michael Adams<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/jeremyfelt\/\">Jeremy Felt<\/a>,\u00a0<a href=\"https:\/\/profiles.wordpress.org\/ocean90\/\">Dominik Schilling<\/a>,\u00a0<a href=\"https:\/\/profiles.wordpress.org\/westonruter\/\">Weston Ruter<\/a>,\u00a0<a href=\"https:\/\/profiles.wordpress.org\/dd32\/\">Dion Hulse<\/a>,\u00a0<a href=\"https:\/\/profiles.wordpress.org\/rachelbaker\/\">Rachel Baker<\/a>,\u00a0<a href=\"https:\/\/profiles.wordpress.org\/xknown\/\">Alex Concha<\/a>,\u00a0<a href=\"https:\/\/profiles.wordpress.org\/jmdodd\/\">Jennifer M. Dodd<\/a>,\u00a0<a href=\"https:\/\/profiles.wordpress.org\/kraftbj\/\">Brandon Kraft<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/pento\/\">Gary Pendergast<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/iseulde\/\">Ella Iseulde Van Dorpe<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/joemcgill\/\">Joe McGill<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/swissspidy\/\">Pascal Birchler<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/SergeyBiryukov\/\">Sergey Biryukov<\/a>,\u00a0<a href=\"https:\/\/profiles.wordpress.org\/dlh\/\">David Herrera<\/a>\u00a0and <a href=\"https:\/\/profiles.wordpress.org\/adamsilverstein\/\">Adam Silverstein<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress 4.5.3 is now available.\u00a0This is a\u00a0security release\u00a0for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.2 and earlier are affected by several\u00a0security issues: redirect bypass in the customizer, reported by\u00a0Yassine Aboukir; two different XSS problems via attachment names, reported by\u00a0Jouko Pynn\u00f6nen\u00a0and\u00a0Divyesh Prajapati; revision history information disclosure, reported [&hellip;]<\/p>\n","protected":false},"author":10464658,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"episode_type":"","audio_file":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","date_recorded":"","explicit":"","block":"","filesize_raw":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[14,15],"tags":[181,437],"class_list":["post-4311","post","type-post","status-publish","format-standard","hentry","category-releases","category-security","tag-4-5","tag-minor-releases"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pZhYe-17x","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/4311","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/users\/10464658"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/comments?post=4311"}],"version-history":[{"count":19,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/4311\/revisions"}],"predecessor-version":[{"id":13943,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/4311\/revisions\/13943"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/media?parent=4311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/categories?post=4311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/tags?post=4311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}