Version 4.2.3

On July 23, 2015, WordPress 4.2.3 was released to the public. This is a security update for all previous WordPress versions.

Installation/Update Information

To download WordPress 4.2.3, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the announcement post, WordPress 4.2.3 fixes a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site (CVE-2015-5623).

The release also fixes an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft.

In addition to the security fixes, WordPress 4.2.3 contains fixes for 21 bugs from 4.2.2, including:

  • FIX – Upgrades: If a table has already been converted to utf8mb4, there’s no need to try and convert it again. #32310
  • FIX – Remove a redundant index drop. #31388
  • FIX – Don’t upgrade global tables to utf8mb4 when DO_NOT_UPGRADE_GLOBAL_TABLES is defined. #32154
  • FIX – Enable utf8mb4 for MySQL extension users. #32127
  • FIX – Plugin update rely upon wp_update_plugins() to check the contents of the transient and return early if no request needs to be made. #32198
  • FIX – WPDB: When extracting the table name from a query, there is a 1000 character limit on the SQL string that would be searched. #32763
  • FIX – WPDB: When checking that text isn’t too long to insert into a column, LONGTEXT columns could fail, as their length is longer than PHP_INT_MAX. #32165
  • FIX – Plugin update handles the case where the plugin is installed into a different directory than it previously existed in. #32465
  • FIX – Plugin update feature doesn’t recognize errors #32473
  • FIX – Plugin update error messages lack detail #32435
  • FIX – Multiple plugin updates: Even if one of plugins update fails, allow further updates to continue. #32110
  • FIX – In comment_form(), ensure that filtered arguments contain all required default values. #32312
  • FIX – WPDB: Remove some of the complexities in ::strip_invalid_text() associated with switching character sets between queries. #32165
  • FIX – WPDB: ::strip_text_from_query() doesn’t pass a length to ::strip_invalid_text(), which was causing queries to fail when they contained characters that needed to be sanity checked by MySQL. #32279
  • FIX – Emoji script is producing errors on pages with SVG content #32305
  • FIX – Unable to drag widgets down page past certain length. #32094
  • FIX – TinyMCE: wpView: fix typo in createInstance that prevented instances from being reused. #32591
  • FIX – SCRIPT_DEBUG check in print_emoji_detection_script() generated PHP Notices. #32118
  • FIX – If the shortcode content contains HTML code, the TinyMCE View no longer works. #32078
  • FIX – Better handling when the credential form is long (such as when SSH is active). #32435
  • FIX – sanitize_option didn’t handle a WP_Error Object. #32350

List of Files Revised

readme.html
wp-admin/about.php
wp-admin/js/dashboard.min.js
wp-admin/js/updates.min.js
wp-admin/js/common.js
wp-admin/js/widgets.js
wp-admin/js/dashboard.js
wp-admin/js/updates.js
wp-admin/js/common.min.js
wp-admin/js/widgets.min.js
wp-admin/css/forms.css
wp-admin/css/edit-rtl.css
wp-admin/css/login-rtl.min.css
wp-admin/css/press-this-rtl.css
wp-admin/css/widgets-rtl.css
wp-admin/css/press-this-rtl.min.css
wp-admin/css/edit.css
wp-admin/css/login.min.css
wp-admin/css/wp-admin-rtl.min.css
wp-admin/css/press-this.css
wp-admin/css/widgets.css
wp-admin/css/press-this.min.css
wp-admin/css/forms-rtl.css
wp-admin/css/wp-admin.min.css
wp-admin/includes/ajax-actions.php
wp-admin/includes/dashboard.php
wp-admin/includes/upgrade.php
wp-admin/post.php
wp-includes/capabilities.php
wp-includes/class-wp-embed.php
wp-includes/kses.php
wp-includes/wp-db.php
wp-includes/shortcodes.php
wp-includes/version.php
wp-includes/formatting.php
wp-includes/comment-template.php
wp-includes/js/media-audiovideo.js
wp-includes/js/wp-emoji.min.js
wp-includes/js/mce-view.min.js
wp-includes/js/wp-emoji.js
wp-includes/js/tinymce/plugins/wpview/plugin.js
wp-includes/js/tinymce/plugins/wpview/plugin.min.js
wp-includes/js/tinymce/wp-tinymce.js.gz
wp-includes/js/mce-view.js
wp-includes/js/media-audiovideo.min.js
wp-includes/js/wp-emoji-release.min.js

First published

Last updated