WordPress 4.9.7 is a Security and Maintenance Release

WordPress 4.9.7 is a security and maintenance release for all versions since WordPress 3.7.

According to several security organizations monitoring WordPress security, versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory.

You should update your sites immediately, since version 4.9.7 contains fixes for this particular vulnerability.

Seventeen other bugs were fixed in WordPress 4.9.7.

Of particular note are the following:

  • Taxonomy: Improve cache handling for term queries.
  • Posts, Post Types: Clear post password cookie when logging out.
  • Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.
  • Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first.
  • Privacy: Make sure default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context.

Sites that support automatic background updates are already beginning to update automatically.