FEDORA-2021-3ebc6ab03a created by remi 2 months ago for Fedora 32
stable

WordPress 5.7.1 Security and Maintenance Release

Security updates

Two security issues affect WordPress versions between 4.7 and 5.7. If you haven’t yet updated to 5.7, all WordPress versions since 4.7 have also been updated to fix the following security issues:

  • Thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8
  • Thanks Mikael Korpela for reporting a data exposure vulnerability within the latest posts block and REST API

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

Props to Adam Zielinski, Pascal Birchler, Peter Wilson, Juliette Reinders Folmer, Alex Concha, Ehtisham Siddiqui, Timothy Jacobs and the WordPress security team for their work on these issues.

Maintenance updates

WordPress 5.7.1 also fixes 26 regressions introduced in version 5.7:

Fixed Core tickets from Trac:

  • 52787 – Empty array for non-single post meta breaks post save through REST API
  • 52822 – PHPMailer change in WordPress 5.7 breaks working sites
  • 52670 – Admin pointer arrow border color darker than pointer content
  • 52713 – Reverse logic in wp_robots function and filter
  • 52743 – Hardcoded SVG image URLs on WP 5.7 About screen
  • 52750 – WP 5.7 colors inconsistent in get_option( 'admin_color' ) since color contrast changes
  • 52751 – UI issue on Privacy Policy Guide page
  • 52756 – Duplicate video URLs on WP 5.7 About screen
  • 52758 – 5.7 About Page: Image comparison doesn’t work on first load on some browsers
  • 52760 – Color not accessibility for AA
  • 52764 – Classic editor adding empty tags in some media embed situations
  • 52768 – WordPress post URL oEmbed rendering blocked by iframe lazy-loading
  • 52783 – Health Check mis-reports https functionality in certain situations
  • 52789 – Gallery layout block adds all media items when changing an image
  • 52816 – Post metabox style Twenty Seventeen has a border
  • 52826 – New wp_getimagesize() causing unexpected failures
  • 52834 – Reset password screen: improve buttons layout for better i18n
  • 52891 – Privacy: print screen reader text message
  • 52894 – The wp_sanitize_script_attributes function added in version 5.7 does not escape attributes in some cases
  • 52932 – Rest Api enum validation does not work correctly WordPress 5.7
  • 52961 – Add ‘object-position’ as an allowed CSS attribute
  • 52981 – Twenty Twenty-One: Update IE specific editor stylesheet

Fixed Block editor issues from GitHub:

  • PR30218 – Core Data: Use getAuthors for showCombobox
  • PR30524 – Editor: Revert (#27717) save editors value on change
  • PR30122 – Gallery: Set addToGallery prop to false when images don’t have IDs
  • PR29809 – Revert: Show empty paragraphs on fronted
  • PR29860 – Try: Fix gallery item clicking
  • PR29920 – Fix sibling block inserter displaying at end of block list
  • PR30125 – Block Editor: Ensure that uncategorized block types are properly handled
  • PR30243 – Add object-position to allowed inline style attributes list

The 5.7.1 release was led by @peterwilsoncc and @audrasjb.

How to install

sudo dnf upgrade --advisory=FEDORA-2021-3ebc6ab03a

  • This update has been submitted for testing by remi. (2 months ago)
  • This update's test gating status has been changed to 'ignored'. (2 months ago)
  • This update's test gating status has been changed to 'waiting'. (2 months ago)
  • This update's test gating status has been changed to 'ignored'. (2 months ago)
  • This update has been pushed to testing. (2 months ago)
  • This update can be pushed to stable now if the maintainer wishes. (2 months ago)
  • This update has been submitted for stable by bodhi. (2 months ago)
  • This update has been pushed to stable. (2 months ago)


Metadata

  • Type: security
  • Severity: medium
  • Karma: 0
  • Signed
  • Content Type: RPM
  • Test Gating

Settings

  • Unstable by Karma: -3
  • Stable by Karma: 3
  • Stable by Time: 7 days

Dates

  • submitted: 2 months ago
  • in testing: 2 months ago
  • in stable: 2 months ago
