WordPress.org

Codex

Attention Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Version 4.6.1

On 7 Sept, 2016, WordPress 4.6.1 was released to the public.

See also: other WordPress Versions.

Installation/Update Information

To download WordPress 4.6.1, update automatically from the Dashboard > Updates menu in your site's admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:


Summary

From the WordPress 4.6.1 release post: WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.

WordPress 4.6.1 also fixes 15 bugs from Version 4.6, including:

Bootstrap/Load

  • #37680 – PHP Warning: ini_get_all() has been disabled for security reasons

Database

  • #37683 – $collate and $charset can be undefined in wpdb::init_charset()
  • #37689 – Issues with utf8mb4 collation and the 4.6 update

Editor

  • #37690 – Backspace causes jumping

Email

  • #37736 – Emails fail on certain server setups

External Libraries

  • #37700 – Warning: curl_exec() has been disabled for security reasons (Requests library)
  • #37720 – The minified version of the Masonry shim was not updated in #37666 (Masonry library)

HTTP API

  • #37733 – cURL error 3: malformed for remote requests
  • #37768 – HTTP API no longer accepts integer and float values for the cookies argument

Post Thumbnails

  • #37697 – Strange behavior with thumbnails on preview in 4.6

Script Loader

  • #37800 – Close “link rel” dns-prefetch tag

Taxonomy

  • #37721 – Improve error handling of is_object_in_term in taxonomy.php

Themes

  • #37755 – Visual Editor: Weird unicode (Vietnamese) characters display on WordPress 4.6

TinyMCE

Upgrade/Install

  • #37731 – Infinite loop in _wp_json_sanity_check() during plugin install

List of Files Revised

wp-admin/about.php
wp-admin/js/editor-expand.js
wp-admin/js/editor-expand.min.js
wp-admin/includes/media.php
wp-admin/includes/class-file-upload-upgrader.php
wp-admin/includes/class-language-pack-upgrader.php
wp-includes/wp-db.php
wp-includes/pluggable.php
wp-includes/script-loader.php
wp-includes/general-template.php
wp-includes/css/editor.css
wp-includes/css/editor.min.css
wp-includes/css/editor-rtl.css
wp-includes/css/editor-rtl.min.css
wp-includes/functions.php
wp-includes/class-wp-editor.php
wp-includes/taxonomy.php
wp-includes/load.php
wp-includes/version.php
wp-includes/class-http.php
wp-includes/js/tinymce/skins/wordpress/wp-content.css
wp-includes/js/jquery/jquery.masonry.min.js
wp-includes/Requests/Transport/cURL.php
wp-includes/revision.php
wp-content/plugins
readme.html