WordPress.org

Codex

Attention Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Version 4.2.2

On May 6, 2015, WordPress 4.2.2 was released to the public. This is both a security update for all previous WordPress versions, and a maintenance release for versions 4.2 and newer.

Installation/Update Information

To download WordPress 4.2.2, update automatically from the Dashboard > Updates menu in your site's admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the announcement post, WordPress 4.2.2 fixes a cross-site scripting vulnerability contained in an HTML file shipped with recent Genericons packages included in the Twenty Fifteen theme as well as a number of popular plugins by removing the file. Auto-updates and manual updates will remove this file, however manual installations and those using VCS checkout (like SVN) will not remove this file. Version 4.2.2 also improves on a fix for a critical cross-site scripting vulnerability introduced in 4.2.1.

The release also includes hardening for a potential cross-site scripting vulnerability when using the Visual editor.

In addition to the security fixes, WordPress 4.2.2 contains fixes for 13 bugs from 4.2.1, including:

  • Fixes an emoji loading error in IE9 and IE10
  • Fixes a keyboard shortcut for saving from the Visual editor on Mac
  • Fixes oEmbed for YouTube URLs to always expect https
  • Fixes how WordPress checks for encoding when sending strings to MySQL
  • Fixes a bug with allowing queries to reference tables in the dbname.tablename format
  • Lowers memory usage for a regex checking for UTF-8 encoding
  • Fixes an issue with trying to change the wrong index in the wp_signups table on utf8mb4 conversion
  • Improves performance of loop detection in _get_term_children()
  • Fixes a bug where attachment URLs were incorrectly being forced to use https in some contexts
  • Fixes a bug where creating a temporary file could end up in an endless loop.

List of Files Revised

wp-admin/js/editor-expand.js
wp-admin/about.php
wp-admin/includes/file.php
wp-admin/includes/update-core.php
wp-admin/includes/upgrade.php
wp-includes/taxonomy.php
wp-includes/compat.php
wp-includes/version.php
wp-includes/post.php
wp-includes/js/wp-emoji.js
wp-includes/js/wp-emoji-loader.js
wp-includes/js/tinymce/tiny_mce_popup.js
wp-includes/js/tinymce/tinymce.min.js
wp-includes/js/tinymce/plugins/wordpress/plugin.js
wp-includes/js/tinymce/tinymce.js
wp-includes/comment.php
wp-includes/wp-db.php
wp-includes/pluggable.php
wp-content/themes/twentyfifteen/genericons/example.html (deleted)
wp-content/themes/twentythirteen/genericons/example.html (deleted)
wp-content/themes/twentyfourteen/genericons/example.html (deleted)
readme.html
See also: other WordPress Versions.