WordPress 4.9.7

WordPress 4.9.7 is now available. This maintenance and security release fixes 17 bugs.

Download WordPress 4.9.7 or visit Dashboard → Updates and click “Update Now”. Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.7:

1naveengiriAaron JorbinabdullahramzanalejandroxlopezAndrew OzzArunBirgir Erlendsson (birgire)BjornWBoone GorgesBrandon KraftChetan PrajapatiDavid HerreraFelix ArntzGarethIan DunnibelangerJohn BlackbournJonathan Desrosiers, JoykhaihonglbenicioLeander IversenmermelmetalandcoffeeMigrated to @jeffpaul, palmiakSergey BiryukovskoldinSubrata SarkarTowhidul Islamwarmlaundry, and YuriV.

WordPress versions 4.9.6 and earlier are affected by a file deletion issue where a user with the capability to edit and delete media files could potentially manipulate media metadata to attempt to delete files outside the uploads directory.

Thank you to Slavco for reporting the original issue and Matt Barry for reporting related issues.

Other highlights of 4.9.7 include:

  • Taxonomy: Improve cache handling for term queries.
  • Posts, Post Types: Clear post password cookie when logging out.
  • Widgets: Allow basic HTML tags in sidebar descriptions on Widgets admin screen.
  • Community Events Dashboard: Always show the nearest WordCamp if one is coming up, even if there are multiple Meetups happening first.
  • Privacy: Make sure default privacy policy content does not cause a fatal error when flushing rewrite rules outside of the admin context.

You can see the full list of changes in Trac.

The previously scheduled 4.9.7 is now referred to as 4.9.8, and will follow the release schedule posted yesterday.

#minor-releases, #security