WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.
Thank you to both reporters for practicing responsible disclosure.
Download WordPress 4.4.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.2.
Thanks to everyone who contributed to 4.4.2:
Our first global contributor drive is coming up next weekend, January 30-31, 2016, and we want you to be involved!
Many of our current contributors first got involved at a Contributor Day at a WordCamp or WordPress Meetup event near them, but not everyone has had that opportunity, so we’re trying to create an online experience that will give new contributors the same kind of live support and group dynamic. We’ll be doing these as weekend challenges rather than one-day events so that WordPress users all over the world can participate without worrying about pesky time zones, but each challenge will be designed to be completed within a few hours, comparable to an in-person Contributor Day.
Our inaugural Contributor Weekend is focused on the Support Team — the folks who volunteer their time to help people with WordPress questions in the support forums and IRC. Over the two day span, forum moderators will be available online to help new contributors and answer questions as needed. The challenge this month is called 20 Questions; your mission (should you choose to accept it) is to help WordPress users by answering 20 forum support requests over the course of the weekend.
You can participate on your own, or you can get together with other people from your local meetup group and work on it together. Working together in person is really fun, so we highly recommend trying to get some folks together if you’re able, but if that’s not possible you can still connect to other participants online. Either way, this is a great way to give back to the WordPress project and have some fun helping people at the same time.
Interested? Get the details on how to participate.
Hope to see you next weekend!
WordPress 4.4.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
There were also several non-security bug fixes:
- Emoji support has been updated to include all of the latest emoji characters, including the new diverse emoji!