Tuesday, August 4, 2015

Security Release: WordPress 4.2.4

The WordPress project has just released a new version due to a security release. WordPress versions 4.2.3 and earlier are affected by six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site. 

It also includes a fix for a potential timing side-channel attack and prevents an attacker from locking a post from being edited.

In addition to the security fixes, WordPress 4.2.4 contains fixes for 4 bugs from 4.2.3. You can find more information at the Release Notes.

The WordPress team strongly encourages their users to update their site to this version. For more details please check the official announcementIf you already have a running version of Bitnami WordPress, the application will be automatically updated. You can confirm that the update has been done by checking the version from your admin panel.

We have released Bitnami WordPress 4.2.4 (and Multisite version) installersvirtual machines and Amazon EC2GoogleVMware vCloud Air and Azure cloud images that fix these issues.

Have questions about Bitnami WordPress or the security issue? Post to our community forum, and we would be happy to help you.