WordPress 4.6.1
7 September 2016
WordPress version 4.6.1 is now available (security release).
Upgrading to WordPress 4.6.1
WordPress 4.6.1 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply WordPress updates as new versions are released, or use Installatron's Clone feature to duplicate an existing WordPress install to test the 4.6.1 upgrade prior to applying it live. Get started managing your WordPress installations with Installatron
What's New in WordPress 4.6.1
WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.
Changelog
- #37680 Bootstrap/Load: PHP Warning: ini_get_all() has been disabled for security reasons
- #37683 Database: $collate and $charset can be undefined in wpdb::init_charset()
- #37689 Database: Issues with utf8mb4 collation and the 4.6 update
- #37690 Editor: Backspace causes jumping
- #37736 Email: Emails fail on certain server setups
- #37700 External Libraries: Warning: curl_exec() has been disabled for security reasons (Requests library)
- #37720 External Libraries: The minified version of the Masonry shim was not updated in #37666 (Masonry library)
- #37733 HTTP API: cURL error 3: malformed for remote requests
- #37768 HTTP API: HTTP API no longer accepts integer and float values for the cookies argument
- #37697 Post Thumbnails: Strange behavior with thumbnails on preview in 4.6
- #37800 Script Loader: Close “link rel” dns-prefetch tag
- #37721 Taxonomy: Improve error handling of is_object_in_term in taxonomy.php
- #37755 Themes: Visual Editor: Weird unicode (Vietnamese) characters display on WordPress 4.6
- #37760 TinyMCE: Problem with RTL
- #37731 Upgrade/Install: Infinite loop in _wp_json_sanity_check() during plugin install