Version 3.9.3

来自WordPress中文文档
跳转至: 导航搜索

wordpress.org.cn

On November 20, 2014, WordPress 4.0.1 was released to the public and WordPress 3.9.3 was released as an automatic security update for WordPress 3.9.2.

Installation/Update Information

To download WordPress 3.9.3, update automatically from the Dashboard > Updates menu in your site's admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the announcement post:

  • Three cross-site scripting issues that a contributor or author could use to compromise a site.
  • A cross-site request forgery that could be used to trick a user into changing their password.
  • An issue that could lead to a denial of service when passwords are checked.
  • Additional protections for server-side request forgery attacks when WordPress makes HTTP requests.
  • An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding).
  • WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address.

List of Files Revised

readme.html
wp-admin/about.php
wp-admin/includes/image.php
wp-admin/press-this.php
wp-includes/class-phpass.php
wp-includes/formatting.php
wp-includes/http.php
wp-includes/js/tinymce/plugins/wpeditimage/plugin.js
wp-includes/js/tinymce/plugins/wpeditimage/plugin.min.js
wp-includes/js/tinymce/wp-tinymce.js.gz
wp-includes/kses.php
wp-includes/media.php
wp-includes/pluggable.php
wp-includes/user.php
wp-includes/version.php
wp-login.php

模板:Versions