After the developers released WordPress version 6.2.1 on May 16, 2023, they already had to follow up with WordPress version 6.2.2 on May 20, 2023. This is a maintenance and security update, which fixes a bug and a vulnerability.
Advertising
Details can be read in the release notes. Within my German blog post about WordPress Version 6.2.1 I received some feedback from my blog reader. One reader wrote:
The fixed vulnerabilities back to the WordPress 4.8.x branch(!), but there is nothing more about the necessary requirements or the impact in the release notes except "A CSRF issue updating attachment thumbnails" and "A flaw allowing XSS via open embed auto discovery" and there is also no ticket in the WordPress Core Trac.
WordPress is running in Security by Obscurity mode…
And another reader mentioned:
Be careful with the new block themes and shortcodes, because they simply don't work anymore from 6.2.1.
Technical backgrounds are missing, only a half sentence.
Big mess: core.trac.wordpress.org/ticket/58333
A third reader wrote about the WordPress 6.2.2 update and the release notes:
How to lie to yourself when you've broken thousands of websites with the 6.2.1 update:
The issue above was originally patched in the 6.2.1 release, but needed further hardening here in 6.2.2
Release notes WordPress 6.2.2
The term "further hardening" in this context is just ridiculous, sorry to say.
It seems to me, that the WordPress developers are imho no longer on a particularly good way.
Advertising
