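Today I saw that WordPress has been updated to version 5.3.1. If you are running WP 5.3, it is recommended that you upgrade to the latest version, as this release should cover four security issues. If you are on another version, upgrade to the latest release of that version. The four security issues are: unauthorized users could make a post sticky via the REST API, cross-site scripting (XSS) that could be stored, hardening of wp_kses_bad_protocol, and a stored XSS vulnerability in block editor content.
There are also several maintenance updates: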
1. Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
2. Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
3. Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
4. Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
5. Embeds: remove CollegeHumor oEmbed provider as the service doesn’t exist anymore.
6. External libraries: update sodium_compat.
7. Site health: allow the remind interval for the admin email verification to be filtered.
8. Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
9. Users: ensure administration email verification uses the user’s locale instead of the site locale.