WordPress.org

Codex

Attention Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Version 4.1.7

On August 4, 2015, WordPress 4.1.7 was released to the public. This is a security update for all previous WordPress versions.

Installation/Update Information

To download WordPress 4.1.7, update automatically from the Dashboard > Updates menu in your site's admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the announcement post, WordPress 4.1.7 fixes three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site (CVE-2015-2213).

It also includes a fix for a potential timing side-channel attack and prevents an attacker from locking a post from being edited.

List of Files Revised

readme.html
wp-admin/about.php
wp-admin/includes/post.php
wp-admin/post.php
wp-includes/class-wp-customize-widgets.php
wp-includes/class-wp-embed.php
wp-includes/default-widgets.php
wp-includes/formatting.php
wp-includes/post.php
wp-includes/shortcodes.php
wp-includes/theme.php
wp-includes/version.php
wp-includes/wp-db.php
See also: other WordPress Versions.