WordPress WordPress 4.9.5 Security and Maintenance Release

WordPress has released version 4.9.5. Valet clients will see this update occur on their sites as part of their Care Plan. All releases have been checked for compatibility with your current installation.

If you are utilizing the automatic updates feature you have likely already received the update. If you are not using this feature you can visit Dashboard → Updates and click "Update Now."

Here are the highlights from this release copied from the original release notes:

"WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5:

  1. Don't treat localhost  as same host by default.
  2. Use safe redirects when redirecting the login page if SSL is forced.
  3. Make sure the version string is correctly escaped for use in generator tags.

Twenty-five other bugs were fixed in WordPress 4.9.5. Particularly of note were:

  • The previous styles on caption shortcodes have been restored.
  • Cropping on touch screen devices is now supported.
  • A variety of strings such as error messages have been updated for better clarity.
  • The position of an attachment placeholder during uploads has been fixed.
  • Custom nonce functionality in the REST API JavaScript client has been made consistent throughout the code base.
  • Improved compatibility with PHP 7.2."

For more details on this release and further links to the development tickets, you can visit the WordPress.org blog post for this release