OperateLab
  • Home
  • Computers & Electronics
  • Technology
  • Reviews
No Result
View All Result
  • Home
  • Computers & Electronics
  • Technology
  • Reviews
OperateLab
No Result
View All Result

Home » Internet Marketing » WordPress 5.4.1 Addresses 7 Security Issues and Fixes Several Bugs

WordPress 5.4.1 Addresses 7 Security Issues and Fixes Several Bugs

David Wilson by David Wilson
February 10, 2020
in Internet Marketing
0
467
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter

WordPress 5.4.1, a security and maintenance release, dropped today. The release addresses seven security issues, which were all responsibly disclosed to the WordPress security team. Core developers also included several fixes for code regressions in the previous version 5.4 release and ported bug fixes to the block editor from the Gutenberg plugin.

End-users with automatic updates enabled should begin seeing their sites updated shortly. Other users should update as soon as possible to make sure they are running a version of WordPress with the latest security fixes.

The WordPress support team has published the full release documentation for those who wish to view it.

Security fixes were added to every major version of WordPress from 5.4 back to 3.7. The following vulnerabilities were addressed:

  • Password reset tokens were not correctly invalidated.
  • Some private posts could be viewed without authentication.
  • Two cross-site scripting (XSS) vulnerabilities in the customizer.
  • XSS issue in the search block.
  • XSS issue in the WordPress object cache.
  • XSS issue with file uploads.
  • XSS issue in the block editor for WordPress 5.4 Release Candidates 1 and 2 (fixed in 5.4 RC5).

Block Editor Updates

Several fixes were high priority enough from the Gutenberg plugin to port to the WordPress 5.4.1 release. The biggest user-facing issues were a broken block duplication keyboard shortcut, misaligned buttons blocks, and odd scrolling behavior when attempting to edit text in a long block.

The following is a full list of the issues the development team addressed:

  • Fixed the Ctrl + Shift + D keyboard shortcut for duplicating a block, which no longer throws an error.
  • Adds correct margins when aligning the buttons block left or right.
  • Prevents the editor from scrolling to the top when clicking to edit a large block, such as a long list.
  • No longer hides the toolbar for plugins that have text inputs in the toolbar.
  • Stops a JavaScript crash with the latest posts block when an image has missing dimensions.
  • Escapes the HTML class for the RSS and search blocks to prevent malformed markup.

To review the code changes to the block editor in-depth, see the full ticket list.

Other Core WordPress Changes

Users who run their browsers in dark mode can rejoice if they also use the core WordPress favicon. The team introduced an updated favicon with a light background so that it no longer washes out. It is a minor fix but makes the famed WordPress logo look more professional.

The heading level, which was previously set to <h3>, has been bumped up one level on the WordPress admin freedoms screen (wp-admin/freedoms.php). This change provides the proper heading level and should help screen-reading users better navigate the page.

For users on the Edge or iOS Safari browsers who could not select files in the media library, it was due to a CSS issue that hid the input. This should no longer be an issue in the new update.

WordPress 5.4.1 addressed some regressions from the previous version. One revolves around posting by email when no post title was added. In that scenario, the email subject should have been used as the title, but this was broken by a code change in WordPress 5.4. For developers, the category_link and tag_link filter hooks were mistakenly deprecated previously and are now once again good to use without throwing a notice.

Plugin developers have a few bug fixes to look forward to. The WP_Site_Health object is now instantiated after the plugins_loaded and after_setup_theme hooks, which means they can perform necessary actions before the site health is checked. The deprecated wp_get_user_request_data() function is now correctly loaded on the front end, which was causing errors with plugins such as BuddyPress.

In a larger design change, plugin authors who add custom content to the privacy policy guide can use more HTML elements. In WordPress 5.4, the guide design was updated to add a white background behind the suggested text. However, the new code only applied to paragraphs. Now, the design supports tables, lists, and other elements that are commonly used. Unordered lists also have bullet points to distinguish them from paragraphs.

The development team fixed two issues with the REST API. The first corrected an issue with the get_item permissions check. The second fixed the _fields filtering. The core code now uses the rest_is_field_included() function to determine which fields to include to permit filtering by nested field properties.

Previous Post

How To Set Up Email On A Mac And Add Multiple Email Addresses

Next Post

The impact of search in the age of customer experience

Related Posts

Six key SEO recommendations that matter in 2020

February 10, 2021

How To Create Custom WordPress HTTP Error Pages

December 24, 2020

What Is Managed WordPress Hosting and When Is It Worth the Extra Cost?

October 5, 2020

Get Started with Out-of-Home Advertising: Here’s How

September 24, 2020

9 Best Email Archiving Solutions – plus Links to Free Trials

June 26, 2020

Top 3 Best GoDaddy Alternatives for Roughly the Same Price (2020)

June 4, 2020
Next Post

The impact of search in the age of customer experience

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

No Result
View All Result

RECOMMENDEDREADS

Linux

5 best KDE-based Linux distributions to try out

by David Wilson
March 17, 2021
Smartphones

How to link your Nintendo Network ID and your Nintendo Account

by David Wilson
March 16, 2021
Technology

Everything You Need to Know About the Streaming Service

by David Wilson
March 13, 2021
Smartphones

Which Apps Won’t Work in iOS 13? Compatible iPhone Apps

by David Wilson
March 10, 2021
Technology

Moving from Media Temple to Flywheel — Plus a Quick Speed Comparison!

by David Wilson
March 8, 2021

Top Stories

5 best KDE-based Linux distributions to try out

March 17, 2021

How to link your Nintendo Network ID and your Nintendo Account

March 16, 2021

Everything You Need to Know About the Streaming Service

March 13, 2021

Find on Categories

  • Android (2)
  • Application (1)
  • Business & Industries (1)
  • Computers & Electronics (2)
  • General (5)
  • Internet (25)
  • Internet Marketing (10)
  • Linux (15)
  • macOS (3)
  • Reviews (2)
  • Smartphones (13)
  • Technology (117)
  • Traffic Corner (7)
  • Web Development (4)
  • Website Hosts (2)
  • Windows (60)

About Us

We are a community of technology enthusiasts who believe that technology should be available to all and an effort should be made to help everyone understand it.

Contact Us at editor@searchbells.com

Connect on Social

Quick Links

  • About Us
  • Contact Us
  • Advertising
  • Privacy Policy
  • Terms Of Services
  • DMCA Policy
  • Affiliate Disclosure

© 2020 Copyright | OperateLab | All Rights Reserved By Us | Reproduction Of Contents Is Not Allowed.

No Result
View All Result
  • Home
  • Computers & Electronics
  • Technology
  • Reviews

© 2020 Copyright | OperateLab | All Rights Reserved By Us | Reproduction Of Contents Is Not Allowed.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok