WordPress 5.8.1 is now accessible!
This safety and upkeep launch options 60 bug fixes along with 3 safety fixes. Because it is a safety launch, it is strongly recommended that you just replace your websites instantly. All variations since WordPress 5.4 have additionally been up to date.
WordPress 5.8.1 is a short-cycle safety and upkeep launch. The subsequent main launch will likely be model 5.9.
You can obtain WordPress 5.8.1 by downloading from WordPress.org, or go to your Dashboard → Updates and click on Update Now.
If you could have websites that help computerized background updates, they’ve already began the replace course of.
3 safety points have an effect on WordPress variations between 5.4 and 5.8. If you haven’t but up to date to five.8, all WordPress variations since 5.4 have additionally been up to date to repair the next safety points:
- Props @mdawaffe, member of the WordPress Security Team for his or her work fixing a knowledge publicity vulnerability inside the REST API.
- Props to Michał Bentkowski of Securitum for reporting a XSS vulnerability within the block editor.
- The Lodash library has been up to date to model 4.17.21 in every department to include upstream safety fixes.
In addition to those points, the safety group wish to thank the next individuals for reporting vulnerabilities through the WordPress 5.8 beta testing interval, permitting them to be mounted previous to launch:
- Props Evan Ricafort for reporting a XSS vulnerability within the block editor found through the 5.8 launch’s beta interval.
- Props Steve Henty for reporting a privilege escalation concern within the block editor.
Thank you to all the reporters for privately disclosing the vulnerabilities. This gave the WordPress safety group time to repair the vulnerabilities earlier than WordPress websites may very well be attacked.
Thanks and props!
In addition to the safety researchers and launch squad members talked about above, thanks to everybody who helped make WordPress 5.8.1 occur:
2linctools, Adam Zielinski, Alain Schlesser, Alex Lende, alexstine, AlGala, André, Andrei Draganescu, Andrew Ozz, Ankit Panchal, Anthony Burchell, Anton Vlasenko, Ari Stathopoulos, Bruno Ribaric, Carolina Nymark, Daisy Olsen, Daniel Richards, Daria, David Anderson, David Biňovec, David Herrera, Dominik Schilling, Ella van Durpe, Enchiridion, Evan Mullins, Gary Jones, George Mamadashvili, Greg Ziółkowski, Héctor Prieto, ianmjones, Jb Audras, Jeff Bowen, Joe Dolson, Joen A., John Blackbourn, Jonathan Desrosiers, JuanMa Garrido, Juliette Reinders Folmer, Kai Hao, Kapil Paul, Kerry Liu, Kevin Fodness, Marcus Kazmierczak, Mark-k, Matt, Michael Adams (mdawaffe), Mike Schroder, moch11, Mukesh Panchal, Nik Tsekouras, Paal Joachim Romdahl, Pascal Birchler, Paul Bearne, Paul Biron, Peter Wilson, Petter Walbø Johnsgård, Radixweb, Rahul Mehta, ramonopoly, ravipatel, Riad Benguella, Robert Anderson, Rodrigo Arias, Sanket Chodavadiya, Sergey Biryukov, Stephen Bernhardt, Stephen Edgar, Steve Henty, terraling, Timothy Jacobs, tmatsuur, TobiasBg, Tonya Mork, Toro_Unit (Hiroshi Urabe), Vlad T, wb1234, and WFMattR.