WordPress.org

Codex

Attention Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Version 4.2.3

On July 23, 2015, WordPress 4.2.3 was released to the public. This is a security update for all previous WordPress versions.

Installation/Update Information

To download WordPress 4.2.3, update automatically from the Dashboard > Updates menu in your site's admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the announcement post, WordPress 4.2.3 fixes a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site (CVE-2015-5623).

The release also fixes an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft.

In addition to the security fixes, WordPress 4.2.3 contains fixes for 21 bugs from 4.2.2, including:

  • FIX - Upgrades: If a table has already been converted to utf8mb4, there's no need to try and convert it again. #32310
  • FIX - Remove a redundant index drop. #31388
  • FIX - Don't upgrade global tables to utf8mb4 when DO_NOT_UPGRADE_GLOBAL_TABLES is defined. #32154
  • FIX - Enable utf8mb4 for MySQL extension users. #32127
  • FIX - Plugin update rely upon wp_update_plugins() to check the contents of the transient and return early if no request needs to be made. #32198
  • FIX - WPDB: When extracting the table name from a query, there is a 1000 character limit on the SQL string that would be searched. #32763
  • FIX - WPDB: When checking that text isn't too long to insert into a column, LONGTEXT columns could fail, as their length is longer than PHP_INT_MAX. #32165
  • FIX - Plugin update handles the case where the plugin is installed into a different directory than it previously existed in. #32465
  • FIX - Plugin update feature doesn't recognize errors #32473
  • FIX - Plugin update error messages lack detail #32435
  • FIX - Multiple plugin updates: Even if one of plugins update fails, allow further updates to continue. #32110
  • FIX - In comment_form(), ensure that filtered arguments contain all required default values. #32312
  • FIX - WPDB: Remove some of the complexities in ::strip_invalid_text() associated with switching character sets between queries. #32165
  • FIX - WPDB: ::strip_text_from_query() doesn't pass a length to ::strip_invalid_text(), which was causing queries to fail when they contained characters that needed to be sanity checked by MySQL. #32279
  • FIX - Emoji script is producing errors on pages with SVG content #32305
  • FIX - Unable to drag widgets down page past certain length. #32094
  • FIX - TinyMCE: wpView: fix typo in createInstance that prevented instances from being reused. #32591
  • FIX - SCRIPT_DEBUG check in print_emoji_detection_script() generated PHP Notices. #32118
  • FIX - If the shortcode content contains HTML code, the TinyMCE View no longer works. #32078
  • FIX - Better handling when the credential form is long (such as when SSH is active). #32435
  • FIX - sanitize_option didn't handle a WP_Error Object. #32350

List of Files Revised

readme.html
wp-admin/about.php
wp-admin/js/dashboard.min.js
wp-admin/js/updates.min.js
wp-admin/js/common.js
wp-admin/js/widgets.js
wp-admin/js/dashboard.js
wp-admin/js/updates.js
wp-admin/js/common.min.js
wp-admin/js/widgets.min.js
wp-admin/css/forms.css
wp-admin/css/edit-rtl.css
wp-admin/css/login-rtl.min.css
wp-admin/css/press-this-rtl.css
wp-admin/css/widgets-rtl.css
wp-admin/css/press-this-rtl.min.css
wp-admin/css/edit.css
wp-admin/css/login.min.css
wp-admin/css/wp-admin-rtl.min.css
wp-admin/css/press-this.css
wp-admin/css/widgets.css
wp-admin/css/press-this.min.css
wp-admin/css/forms-rtl.css
wp-admin/css/wp-admin.min.css
wp-admin/includes/ajax-actions.php
wp-admin/includes/dashboard.php
wp-admin/includes/upgrade.php
wp-admin/post.php
wp-includes/capabilities.php
wp-includes/class-wp-embed.php
wp-includes/kses.php
wp-includes/wp-db.php
wp-includes/shortcodes.php
wp-includes/version.php
wp-includes/formatting.php
wp-includes/comment-template.php
wp-includes/js/media-audiovideo.js
wp-includes/js/wp-emoji.min.js
wp-includes/js/mce-view.min.js
wp-includes/js/wp-emoji.js
wp-includes/js/tinymce/plugins/wpview/plugin.js
wp-includes/js/tinymce/plugins/wpview/plugin.min.js
wp-includes/js/tinymce/wp-tinymce.js.gz
wp-includes/js/mce-view.js
wp-includes/js/media-audiovideo.min.js
wp-includes/js/wp-emoji-release.min.js
See also: other WordPress Versions.