Released: August 26, 2019

The update contains 29 changes, some of them dedicated to security.

Changes

  • #38415: New Custom Link menu item has a wrong fallback label
  • #45739: Block Editor: $editor_styles bug.
  • #45935: A URL in do_block_editor_incompatible_meta_box function does not have classic-editor__forget parameter
  • #46757: Media Trash: The Bulk Media options when in the Trash shouldn’t provide two primary buttons
  • #46758: Media Trash: Primary button(s) should be on the left
  • #46899: Ensure that tables generated by the Settings API have no semantics
  • #47079: Incorrect version for excerpt_allowed_blocks filter
  • #47113: Media views: dismiss notice button is invisible
  • #47145: Feature Image dialog does not follow the dialog pattern
  • #47190: Twenty Seventeen: Native audio and video embeds have no focus state.
  • #47340: Twenty Nineteen: Revise Latest Posts block styles to support post content options.
  • #47386: Fix headings hierarchy in the legacy Custom Background and Custom Header pages
  • #47390: Improve accessibility of forms elements within some “form-table” forms
  • #47414: Twenty Seventeen: Button block preview has extra spacing within button
  • #47458: Fix tab sequence order in the Media attachment browser
  • #47489: Emoji are substituted in preformatted blocks
  • #47502: Media modal bottom toolbar cuts-off content in Internet Explorer 11
  • #47538: Minor Verbiage Update – Switch ‘developer time’ for ‘a developer’
  • #47543: Twenty Seventeen: buttons don’t change color on hover and focus
  • #47561: Plugin: View details popup layout issue
  • #47603: My account toggle on admin bar not visible at high zoom levels
  • #47604: Undefined variable: locked in wp-admin/edit-form-blocks.php
  • #47687: Use alt tags for gallery images in editor
  • #47688: Color hex code in color picker displayed in RTL instead of LTR on RTL install (take 2)
  • #47693: customizer Color picker should get closed when click on color picker area.
  • #47723: Adding a custom link in nav-menus.php doesn’t trim whitespace
  • #47758: Font sizes on installation screen are too small
  • #47835: PHP requirement always set to null for plugins
  • #47888: Adding a custom link in menu via Customize doesn’t trim whitespace.

Security fixes

  • Simon Scannell of RIPS Technologies discovered two XSS vulnerabilities, the first in the post preview and the second in comments.
  • Tim Coen disclosed an issue where the validation and sanitization of a URL could lead to an open redirect.
  • Anshul Jain discovered an XSS vulnerability during media file uploads.
  • Zhouyuan Yang of Fortinet’s FortiGuard Labs discovered an XSS vulnerability in the shortcode preview.
  • Dunn of the Core Security Team discovered an XSS vulnerability in the Dashboard.
  • Soroush Dalili (@irsdl) of NCC Group disclosed an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
  • In addition to the findings above, the jQuery version was updated for older versions of WordPress (already included in WordPress 5.2.1 and later).

Revised files

wp-admin/css/color-picker-rtl.css
wp-admin/css/color-picker-rtl.min.css
wp-admin/css/color-picker.css
wp-admin/css/color-picker.min.css
wp-admin/css/common-rtl.css
wp-admin/css/common-rtl.min.css
wp-admin/css/common.css
wp-admin/css/common.min.css
wp-admin/css/forms-rtl.css
wp-admin/css/forms-rtl.min.css
wp-admin/css/forms.css
wp-admin/css/forms.min.css
wp-admin/css/install-rtl.css
wp-admin/css/install-rtl.min.css
wp-admin/css/install.css
wp-admin/css/install.min.css
wp-admin/css/login-rtl.css
wp-admin/css/login-rtl.min.css
wp-admin/css/login.css
wp-admin/css/login.min.css
wp-admin/includes/ajax-actions.php
wp-admin/includes/class-wp-plugins-list-table.php
wp-admin/includes/ms.php
wp-admin/includes/network.php
wp-admin/includes/plugin-install.php
wp-admin/includes/template.php
wp-admin/js/customize-nav-menus.js
wp-admin/js/customize-nav-menus.min.js
wp-admin/js/nav-menu.js
wp-admin/js/nav-menu.min.js
wp-admin/js/post.js
wp-admin/js/post.min.js
wp-admin/js/updates.js
wp-admin/js/updates.min.js
wp-admin/maint/repair.php
wp-admin/network/settings.php
wp-admin/network/site-info.php
wp-admin/network/site-new.php
wp-admin/network/site-settings.php
wp-admin/network/site-users.php
wp-admin/network/user-new.php
wp-admin/about.php
wp-admin/async-upload.php
wp-admin/custom-background.php
wp-admin/custom-header.php
wp-admin/edit-form-blocks.php
wp-admin/edit-form-comment.php
wp-admin/edit-tag-form.php
wp-admin/install.php
wp-admin/options-discussion.php
wp-admin/options-general.php
wp-admin/options-media.php
wp-admin/options-permalink.php
wp-admin/options-reading.php
wp-admin/options-writing.php
wp-admin/options.php
wp-admin/privacy.php
wp-admin/setup-config.php
wp-admin/user-edit.php
wp-admin/user-new.php
wp-content/themes/twentynineteen/sass/blocks/_blocks.scss
wp-content/themes/twentynineteen/style-editor.css
wp-content/themes/twentynineteen/style-editor.scss
wp-content/themes/twentynineteen/style-rtl.css
wp-content/themes/twentynineteen/style.css
wp-content/themes/twentyseventeen/assets/css/colors-dark.css
wp-content/themes/twentyseventeen/assets/css/editor-blocks.css
wp-content/themes/twentyseventeen/inc/color-patterns.php
wp-content/themes/twentyseventeen/style.css
wp-includes/css/admin-bar-rtl.css
wp-includes/css/admin-bar-rtl.min.css
wp-includes/css/admin-bar.css
wp-includes/css/admin-bar.min.css
wp-includes/css/buttons-rtl.css
wp-includes/css/buttons-rtl.min.css
wp-includes/css/buttons.css
wp-includes/css/buttons.min.css
wp-includes/css/media-views-rtl.css
wp-includes/css/media-views-rtl.min.css
wp-includes/css/media-views.css
wp-includes/css/media-views.min.css
wp-includes/js/media-grid.js
wp-includes/js/media-grid.min.js
wp-includes/js/media-views.js
wp-includes/js/media-views.min.js
wp-includes/js/wp-a11y.js
wp-includes/js/wp-a11y.min.js
wp-includes/js/wp-sanitize.js
wp-includes/js/wp-sanitize.min.js
wp-includes/blocks.php
wp-includes/formatting.php
wp-includes/kses.php
wp-includes/media-template.php
wp-includes/nav-menu.php
wp-includes/pluggable.php
wp-includes/post-template.php
wp-includes/script-loader.php
wp-includes/version.php