ClassicPress 1.7.1

@mattyrob mattyrob released this 14 Oct 09:05

ClassicPress 1.7.1 is available now - use the "Source code (zip)" file below.

Here are the highlights from this release:

Notable changes since ClassicPress 1.7.0

  • Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
  • Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
  • Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
  • John Blackbourn (WordPress Security Team), James Golovich, J.D Grimes, Numan Turle, WhiteCyberSec for each independently identifying a way for logged-in users to execute any shortcode.
  • mascara7784 and a third-party security audit for identifying an XSS vulnerability in the application password screen.
  • Jorge Costa of the WordPress Core Team for identifying an XSS vulnerability in the footnotes block.
  • s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.

More information

See the release announcement post on our forums for more details, or have a look at the full changelog here on GitHub:

ClassicPress/ClassicPress@1.7.0+dev...1.7.1+dev