WordPress 4.9.5

WordPress 4.9.5 was released from wordpress.org yesterday.

The WordPress 4.9.5 is a security and maintenance release and it is a recommended update for all versions since WordPress 3.7.

According to wordpress.org WordPress versions 4.9.4 and earlier are all affected by three security issues.

So three security fixes have been implemented in WordPress 4.9.5:

  1. Don’t treat localhost as same host by default.
  2. Use safe redirects when redirecting the login page if SSL is forced.
  3. Make sure the version string is correctly escaped for use in generator tags.

There are 25 other bugsfixes in WordPress 4.9.5

Some noteworthy fixes are:

  • The previous styles on caption shortcodes have been restored.
  • Cropping on touch screen devices is now supported.
  • A variety of strings such as error messages have been updated for better clarity.
  • The position of an attachment placeholder during uploads has been fixed.
  • Custom nonce functionality in the REST API JavaScript client has been made consistent throughout the code base.
  • Improved compatibility with PHP 7.2.

You can go to Make WordPress Core’s changelog for the 4.9.5 here.