{"id":11027,"date":"2019-09-05T10:29:44","date_gmt":"2019-09-05T08:29:44","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=11027"},"modified":"2022-08-03T20:56:22","modified_gmt":"2022-08-03T18:56:22","slug":"wordpress-5-2-3","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/09\/05\/wordpress-5-2-3\/","title":{"rendered":"WordPress 5.2.3"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2014\/07\/wp_thumb.jpg\" width=\"64\" height=\"64\">The developers released an update for WordPress overnight, which upgrades the CMS to version 5.2.3. The update to version 5.2.3 fixes security problems and 29 bugs. <\/p>\n<p><!--more--><\/p>\n<p>Here is an overview of the problems and vulnerabilities that have been fixed in WordPress 5.2.3. <\/p>\n<h2>Security fixes<\/h2>\n<p>According to <a href=\"https:\/\/wordpress.org\/news\/2019\/09\/wordpress-5-2-3-security-and-maintenance-release\/\" target=\"_blank\" rel=\"noopener noreferrer\">this support page<\/a>, the following security fixes have been made in WordPress 5.2.3:<\/p>\n<ul>\n<li>Props to <a href=\"https:\/\/blog.ripstech.com\/authors\/simon-scannell\/\" target=\"_blank\" rel=\"noopener noreferrer\">Simon Scannell of RIPS Technologies<\/a> for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. 
The second was a cross-site scripting vulnerability in stored comments.&nbsp;\n<li>Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect.&nbsp;\n<li>Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads.\n<li>Props to Zhouyuan Yang of Fortinet's FortiGuard Labs who disclosed a vulnerability for cross-site scripting (XSS) in shortcode previews.\n<li>Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard.\n<li>Props to Soroush Dalili (<a href=\"https:\/\/twitter.com\/irsdl?lang=en\" target=\"_blank\" rel=\"noopener noreferrer\">@irsdl<\/a>) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.\n<li>In addition to the above changes, we are also updating jQuery on older versions of WordPress. This change was <a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47020\" target=\"_blank\" rel=\"noopener noreferrer\">added in 5.2.1<\/a> and is now being brought to older versions. <\/li>\n<\/ul>\n<h2>Bug fixes<\/h2>\n<p>According to the WordPress developers, the following bug fixes have been made &#8211; see the <a href=\"https:\/\/wordpress.org\/support\/wordpress-version\/version-5-2-3\/\" target=\"_blank\" rel=\"noopener noreferrer\">Release Notes<\/a> for more information. 
<\/p>\n<ul>\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/38415\" target=\"_blank\" rel=\"noopener noreferrer\">#38415<\/a>: New Custom Link menu item has a wrong fallback label\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/45739\" target=\"_blank\" rel=\"noopener noreferrer\">#45739<\/a>: Block Editor: $editor_styles bug.\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/45935\" target=\"_blank\" rel=\"noopener noreferrer\">#45935<\/a>: A URL in do_block_editor_incompatible_meta_box function does not have classic-editor__forget parameter\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/46757\" target=\"_blank\" rel=\"noopener noreferrer\">#46757<\/a>: Media Trash: The Bulk Media options when in the Trash shouldn't provide two primary buttons\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/46758\" target=\"_blank\" rel=\"noopener noreferrer\">#46758<\/a>: Media Trash: Primary button(s) should be on the left\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/46899\" target=\"_blank\" rel=\"noopener noreferrer\">#46899<\/a>: Ensure that tables generated by the Settings API have no semantics\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47079\" target=\"_blank\" rel=\"noopener noreferrer\">#47079<\/a>: Incorrect version for excerpt_allowed_blocks filter\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47113\" target=\"_blank\" rel=\"noopener noreferrer\">#47113<\/a>: Media views: dismiss notice button is invisible\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47145\" target=\"_blank\" rel=\"noopener noreferrer\">#47145<\/a>: Feature Image dialog does not follow the dialog pattern\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47190\" target=\"_blank\" rel=\"noopener noreferrer\">#47190<\/a>: Twenty Seventeen: Native audio and video embeds have no focus state.\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47340\" target=\"_blank\" rel=\"noopener 
noreferrer\">#47340<\/a>: Twenty Nineteen: Revise Latest Posts block styles to support post content options.\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47386\" target=\"_blank\" rel=\"noopener noreferrer\">#47386<\/a>: Fix headings hierarchy in the legacy Custom Background and Custom Header pages\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47390\" target=\"_blank\" rel=\"noopener noreferrer\">#47390<\/a>: Improve accessibility of forms elements within some \"form-table\" forms\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47414\" target=\"_blank\" rel=\"noopener noreferrer\">#47414<\/a>: Twenty Seventeen: Button block preview has extra spacing within button\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47458\" target=\"_blank\" rel=\"noopener noreferrer\">#47458<\/a>: Fix tab sequence order in the Media attachment browser\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47489\" target=\"_blank\" rel=\"noopener noreferrer\">#47489<\/a>: Emoji are substituted in preformatted blocks\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47502\" target=\"_blank\" rel=\"noopener noreferrer\">#47502<\/a>: Media modal bottom toolbar cuts-off content in Internet Explorer 11\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47538\" target=\"_blank\" rel=\"noopener noreferrer\">#47538<\/a>: Minor Verbiage Update \u2013 Switch 'developer time' for 'a developer'\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47543\" target=\"_blank\" rel=\"noopener noreferrer\">#47543<\/a>: Twenty Seventeen: buttons don't change color on hover and focus\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47561\" target=\"_blank\" rel=\"noopener noreferrer\">#47561<\/a>: Plugin: View details popup layout issue\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47603\" target=\"_blank\" rel=\"noopener noreferrer\">#47603<\/a>: My account toggle on admin bar not visible at high zoom levels\n<li><a 
href=\"https:\/\/core.trac.wordpress.org\/ticket\/47604\" target=\"_blank\" rel=\"noopener noreferrer\">#47604<\/a>: Undefined variable: locked in wp-admin\/edit-form-blocks.php\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47687\" target=\"_blank\" rel=\"noopener noreferrer\">#47687<\/a>: Use alt tags for gallery images in editor\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47688\" target=\"_blank\" rel=\"noopener noreferrer\">#47688<\/a>: Color hex code in color picker displayed in RTL instead of LTR on RTL install (take 2)\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47693\" target=\"_blank\" rel=\"noopener noreferrer\">#47693<\/a>: customizer Color picker should get closed when click on color picker area.\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47723\" target=\"_blank\" rel=\"noopener noreferrer\">#47723<\/a>: Adding a custom link in nav-menus.php doesn't trim whitespace\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47758\" target=\"_blank\" rel=\"noopener noreferrer\">#47758<\/a>: Font sizes on installation screen are too small\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47835\" target=\"_blank\" rel=\"noopener noreferrer\">#47835<\/a>: PHP requirement always set to null for plugins\n<li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/47888\" target=\"_blank\" rel=\"noopener noreferrer\">#47888<\/a>: Adding a custom link in menu via Customize doesn't trim whitespace.<\/li>\n<\/ul>\n<p>My German IT blog was automatically updated to the new WordPress version overnight. A multi-site installation with several other blogs (English IT blog, Travel, Seniors, eScooter etc.) was updated to the new version manually this morning. However, the security add-in Wordfence still tells me that an update to WordPress 5.2.3 is pending &#8211; but that should disappear after a few hours (this was the case with the last updates). So far I haven't detected any other issues. 
<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The developers released an update for WordPress overnight, which upgrades the CMS to version 5.2.3. The update to version 5.2.3 fixes security problems and 29 bugs.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22],"tags":[195,359],"class_list":["post-11027","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","tag-update","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/11027","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=11027"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/11027\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=11027"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=11027"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=11027"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}