Skip to content

ClassicPress 1.1.3
Compare
Choose a tag to compare
@nylen nylen released this 04 May 03:43
1.1.3
This tag was signed with the committer’s verified signature.
nylen James Nylen
GPG key ID: 41B87D2579C0F7BD
Verified
Learn about vigilant mode.
a5ea2c3

ClassicPress 1.1.3 is a security release to match the security changes in WordPress versions 5.4.1 and 4.9.14 (both released on April 29, 2020).

It is available now - use the "Source code (zip)" file below.

Security fixes since ClassicPress 1.1.2

  • Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated
  • Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated
  • Props to Evan Ricafort for discovering an XSS issue in the Customizer
  • Props to Nick Daugherty from WPVIP.com / WordPress Security Team who discovered an XSS issue in wp-object-cache
  • Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads.

For more information about the security changes in this release, see the WordPress 4.9.14 release notes post.

More information

Assets 2
Loading