今天在外面收到邮件通知,网站有自动升级成WordPress 5.7.2版本,当然我知道应该是安全版本,因为之前从官方的更新进度可以知道下个版本应该是直接5.8的,如果这么临时的升级到5.7.2应该是有安全问题所以,我们应该及时的更新升级。
我们看下官方信息:
This security release features one security fix. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.
WordPress 5.7.2 is a short-cycle security release. The next major release will be version 5.8.
You can update to WordPress 5.7.2 by downloading from WordPress.org, or visit your Dashboard → Updates and click Update Now.
If you have sites that support automatic background updates, they’ve already started the update process.
Security Updates
One security issue affecting WordPress versions between 3.7 and 5.7. If you haven’t yet updated to 5.7, all WordPress versions since 3.7 have also been updated to fix the following security issue:
Object injection in PHPMailer, CVE-2020-36326 and CVE-2018-19296.
我们可以看到应该是比较严重的PHPMailer推送邮件安全问题。所有,我们还是尽快的升级更新版本。
关于WordPress升级可以参考这里:
1、WordPress程序自动与手动升级新版本的操作过程
