Version 4.9.2

In this article

From the WordPress 4.9.2 release post: WordPress versions 4.9 and earlier are affected by an XSS vulnerability in the Flash fallback files in MediaElement 4.x, a library that is included with WordPress 4.9.

In addition to the security issue above, WordPress 4.9.2 contains 22 bug fixes.

Detailed Changes

Bundled Theme

  • #42820 – Twenty Seventeen -watch that language

Customize

  • #42492 – Selecting menu location changes line height
  • #42871 – Features box textstrings in Feature Filter area need new linebreak

Database

  • #42812 – Use MySQLi when available by default

Editor

  • #42664 – Editor link autocomplete suggestions: no fallback title displayed for posts with no title
  • #43012 – Cannot Update Post in Firefox Due to Editor and TinyMCE JavaScript TypeErrors

External Libraries

  • #42439 – Update random_compat external library for PHP 7 linting failure

Formatting

  • #42578 – PHP functions inside <p> tags creates new <p> tag, breaking the parent tag into two.

Media

  • #42225 – Whitelist Flac Files
  • #42447 – Mark test_remove_orientation_data_on_rotate as skipped when exif_read_data isn’t available
  • #42480 – Consistent suppression of `getimagesize()` errors
  • #42720 – Remove unnecessary MediaElement.js files

Plugins

  • #43082 – Add plugins search results: the plugin details modal opens in the thickbox modal

REST API

  • #42828 – Hard-coded 403 status in REST response should use `rest_authorization_required_code()`

Taxonomy

  • #42771 – WP_Term::get_instance() regression for non-category terms queried with ‘category’ taxonomy
  • #42605 – category_description() does not work properly since 4.9
  • #42717 – get_category_link() accepting object but not id

TinyMCE

  • #42416 – Code assumes iframe mode, exception in inline mode

Upgrade/Install

  • #42963 – Improve deletion of $_old_files during upgrades

Widgets

  • #42603 – Widgets Warning after activating theme and on dashboard widgets page
  • #42719 – Always attempt to restore widgets’ previous assignment
  • #42867 – HTML Widget: toggleClass() should be passed true/false as second param

List of Files Revised

 wp-admin/includes/update-core.php
wp-admin/includes/media.php
wp-admin/includes/image.php
wp-admin/css/customize-nav-menus.min.css
wp-admin/css/common-rtl.css
wp-admin/css/common-rtl.min.css
wp-admin/css/common.css
wp-admin/css/customize-nav-menus-rtl.css
wp-admin/css/customize-nav-menus-rtl.min.css
wp-admin/css/common.min.css
wp-admin/css/customize-nav-menus.css
wp-admin/js/plugin-install.min.js
wp-admin/js/editor.js
wp-admin/js/plugin-install.js
wp-admin/js/editor.min.js
wp-admin/js/widgets/custom-html-widgets.min.js
wp-admin/js/widgets/custom-html-widgets.js
wp-admin/theme-install.php
wp-admin/about.php
wp-includes/default-filters.php
wp-includes/rest-api/class-wp-rest-server.php
wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
wp-includes/wp-db.php
wp-includes/customize/class-wp-customize-themes-section.php
wp-includes/js/mce-view.js
wp-includes/js/mce-view.min.js
wp-includes/js/mediaelement/mediaelement-flash-video-hls.swf
wp-includes/js/mediaelement/mediaelement-flash-video-mdash.swf
wp-includes/js/mediaelement/lang/cs.js
wp-includes/js/mediaelement/lang/es.js
wp-includes/js/mediaelement/lang/fr.js
wp-includes/js/mediaelement/lang/hr.js
wp-includes/js/mediaelement/lang/ko.js
wp-includes/js/mediaelement/lang/nl.js
wp-includes/js/mediaelement/lang/pl.js
wp-includes/js/mediaelement/lang/hu.js
wp-includes/js/mediaelement/lang/it.js
wp-includes/js/mediaelement/lang/sk.js
wp-includes/js/mediaelement/lang/zh-cn.js
wp-includes/js/mediaelement/lang/uk.js
wp-includes/js/mediaelement/lang/ro.js
wp-includes/js/mediaelement/lang/zh.js
wp-includes/js/mediaelement/lang/ca.js
wp-includes/js/mediaelement/lang/pt.js
wp-includes/js/mediaelement/lang/ru.js
wp-includes/js/mediaelement/lang/fa.js
wp-includes/js/mediaelement/lang/de.js
wp-includes/js/mediaelement/lang/sv.js
wp-includes/js/mediaelement/lang/ja.js
wp-includes/js/mediaelement/lang
wp-includes/js/mediaelement/mediaelement-flash-audio.swf
wp-includes/js/mediaelement/mediaelement-flash-video.swf
wp-includes/js/mediaelement/renderers/dailymotion.js
wp-includes/js/mediaelement/renderers/facebook.js
wp-includes/js/mediaelement/renderers/dailymotion.min.js
wp-includes/js/mediaelement/renderers/facebook.min.js
wp-includes/js/mediaelement/renderers/soundcloud.js
wp-includes/js/mediaelement/renderers/soundcloud.min.js
wp-includes/js/mediaelement/renderers/twitch.js
wp-includes/js/mediaelement/renderers/twitch.min.js
wp-includes/js/mediaelement/mediaelement-flash-audio-ogg.swf
wp-includes/js/tinymce/plugins/wplink/plugin.js
wp-includes/js/tinymce/plugins/wplink/plugin.min.js
wp-includes/js/tinymce/wp-tinymce.js.gz
wp-includes/category-template.php
wp-includes/widgets.php
wp-includes/functions.php
wp-includes/media.php
wp-includes/random_compat/random_bytes_mcrypt.php
wp-includes/random_compat/random_bytes_dev_urandom.php
wp-includes/random_compat/random_bytes_openssl.php
wp-includes/random_compat/random_int.php
wp-includes/random_compat/random_bytes_libsodium.php
wp-includes/random_compat/random_bytes_com_dotnet.php
wp-includes/random_compat/random_bytes_libsodium_legacy.php
wp-includes/version.php
wp-content/plugins
wp-content/themes/twentyseventeen/front-page.php
license.txt

First published

Last updated