Version 4.5.3

On 21 June, 2016, WordPress 4.5.3 was released to the public.

Installation/Update Information

To download WordPress 4.5.3, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the WordPress 4.5.3 release notes, WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati; revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen; oEmbed denial of service reported by Jennifer Dodd from Automattic; unauthorized category removal from a post, reported by David Herrera from Alley Interactive; password change via stolen cookie, reported by Michael Adams from the WordPress security team; and some less secure sanitize_file_name edge cases reported by Peter Westwood of the WordPress security team.

WordPress 4.5.3 also fixes 17 bugs from 4.5, 4.5.1 and 4.5.2:

  • #35657 Image height calculation not always available on body.load
  • #36379 Saving post can remove its hierarchical terms if user cannot assign terms
  • #36531 Default image size medium_large is not generated
  • #36533 Browse Media doesn’t work on front-end
  • #36590 POST[‘nav-menu-data’] breaks other POST
  • #36637 Inline linking inserts `_wp_link_placeholder`
  • #36660 WP_Customize_Widgets::preview_sidebars_widgets() can return false
  • #36708 Silence ini_set() in wp_debug_mode() if WP_DEBUG is off
  • #36748 Updating tables to utf8mb4 causes some columns to change type
  • #36749 Customizer wont load: issue with site-icon control
  • #36767 oEmbed performance optimisation
  • #36793 Customizer doesn’t load in IE8
  • #36838 Invalid argument supplied for foreach() in /wp-includes/theme-compat/embed-content.php
  • #36861 The Insert into post button in the Edit Image window doesn’t work.
  • #36876 TinyMCE: inline toolbars don’t adjust position
  • #36892 Update jQuery migrate to 1.4.1
  • #36900 Media grid AttachmentsBrowser arrows navigation and restoreFocus()

List of Files Revised

readme.html
wp-admin/about.php
wp-admin/nav-menus.php
wp-admin/includes/ajax-actions.php
wp-admin/includes/upgrade.php
wp-admin/includes/post.php
wp-admin/includes/class-wp-media-list-table.php
wp-admin/options.php
wp-admin/revision.php
wp-includes/load.php
wp-includes/default-filters.php
wp-includes/theme-compat/embed-content.php
wp-includes/embed.php
wp-includes/class-wp-customize-manager.php
wp-includes/js/media-views.js
wp-includes/js/tinymce/wp-tinymce.js.gz
wp-includes/js/tinymce/plugins/wordpress/plugin.js
wp-includes/js/tinymce/plugins/wordpress/plugin.min.js
wp-includes/js/tinymce/plugins/wplink/plugin.js
wp-includes/js/tinymce/plugins/wplink/plugin.min.js
wp-includes/js/media-views.min.js
wp-includes/js/jquery/jquery-migrate.js
wp-includes/js/jquery/jquery.js
wp-includes/js/jquery/jquery-migrate.min.js
wp-includes/class-oembed.php
wp-includes/version.php
wp-includes/customize/class-wp-customize-media-control.php
wp-includes/customize/class-wp-customize-site-icon-control.php
wp-includes/pluggable.php
wp-includes/script-loader.php
wp-includes/formatting.php
wp-includes/class-wp-customize-widgets.php
wp-includes/post-template.php

First published

Last updated