{"id":12966950,"date":"2020-06-10T22:42:26","date_gmt":"2020-06-10T22:42:26","guid":{"rendered":"https:\/\/wordpress.org\/support\/?post_type=helphub_version&amp;p=12966950"},"modified":"2020-06-10T22:42:26","modified_gmt":"2020-06-10T22:42:26","slug":"version-5-1-6","status":"publish","type":"helphub_version","link":"https:\/\/wordpress.org\/documentation\/wordpress-version\/version-5-1-6\/","title":{"rendered":"Version 5.1.6"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">On June 10, 2020, WordPress 5.1.6 was released to the public.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Installation\/Update Information<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To download WordPress 5.1.6, visit <a href=\"https:\/\/wordpress.org\/download\/release-archive\/\">WordPress releases archive<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For step-by-step instructions on installing and updating WordPress:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/wordpress.org\/documentation\/article\/updating-wordpress\/\">Updating WordPress<\/a><\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">If you are new to WordPress, we recommend that you begin with the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/wordpress.org\/documentation\/article\/new_to_wordpress_-_where_to_start\/\">New To WordPress \u2013 Where to Start<\/a><\/li><li><a href=\"https:\/\/wordpress.org\/documentation\/article\/first-steps-with-wordpress\/\">First Steps With WordPress<\/a>&nbsp;or&nbsp;<a href=\"https:\/\/wordpress.org\/documentation\/article\/upgrading-wordpress-extended-instructions\/\">Upgrading WordPress Extended<\/a><\/li><li><a href=\"https:\/\/wordpress.org\/documentation\/article\/wordpress-lessons\/\">WordPress Lessons<\/a><\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Summary<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Security updates<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Five security issues affect WordPress versions 5.4 and earlier.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor<\/li><li>Props to Luigi \u2013 (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.<\/li><li>Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in\u00a0<em>wp_validate_redirect()<\/em><\/li><li>Props to\u00a0<a href=\"http:\/\/apapedulimu.click\/\">Nrimo Ing Pandum<\/a>\u00a0for finding an authenticated XSS issue via theme uploads<\/li><li>Props to\u00a0<a href=\"https:\/\/blog.ripstech.com\/authors\/simon-scannell\">Simon Scannell of RIPS Technologies<\/a>\u00a0for finding an issue where\u00a0<em>set-screen-option<\/em>\u00a0can be misused by plugins leading to privilege escalation<\/li><li>Props to\u00a0<a href=\"https:\/\/profiles.wordpress.org\/poena\/\">Carolina Nymark<\/a>\u00a0for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Maintenance updates<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">One maintenance update was exceptionally backported from 5.4.2 to older branches:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/core.trac.wordpress.org\/ticket\/49956\">49956<\/a>&nbsp;\u2013 Spammers able to share unmoderated comments (see dev note below)<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Notes for developers<\/h3>\n\n\n\n<figure class=\"wp-block-embed-wordpress wp-block-embed is-type-wp-embed is-provider-make-wordpress-core\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"ec7SFWJMVz\"><a href=\"https:\/\/make.wordpress.org\/core\/2020\/06\/09\/wordpress-5-4-2-prevent-unmoderated-comments-from-search-engine-indexation\/\">WordPress 5.4.2: Prevent unmoderated comments from search engine indexation<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;WordPress 5.4.2: Prevent unmoderated comments from search engine indexation&#8221; &#8212; Make WordPress Core\" src=\"https:\/\/make.wordpress.org\/core\/2020\/06\/09\/wordpress-5-4-2-prevent-unmoderated-comments-from-search-engine-indexation\/embed\/#?secret=F3HPJYCMUt#?secret=ec7SFWJMVz\" data-secret=\"ec7SFWJMVz\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">List of Files Revised<\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\">wp-admin\/themes.php\nwp-admin\/includes\/misc.php\nwp-admin\/includes\/media.php\nwp-includes\/class-walker-comment.php\nwp-includes\/class-wp-comment-query.php\nwp-includes\/comment-template.php\nwp-includes\/comment.php\nwp-includes\/default-filters.php\nwp-includes\/embed.php\nwp-includes\/pluggable.php\nwp-includes\/version.php\npackage-lock.json\npackage.json\nwp-comments-post.php<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Updated packages<\/h2>\n\n\n\n<pre class=\"wp-block-preformatted\">@wordpress\/block-library: 2.4.7\n@wordpress\/edit-post: 3.3.7<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On June 10, 2020, WordPress 5.1.6 was released to the public. Installation\/Update Information To download WordPress 5.1.6, visit WordPress releases archive. For step-by-step instructions on installing and updating WordPress: Updating WordPress If you are new to WordPress, we recommend that you begin with the following: New To WordPress \u2013 Where to Start First Steps With [&hellip;]<\/p>\n","protected":false},"author":8670591,"featured_media":0,"menu_order":0,"template":"","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false},"helphub_major_release":[61],"class_list":["post-12966950","helphub_version","type-helphub_version","status-publish","hentry","helphub_major_release-5_1"],"revision_note":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/wordpress-versions\/12966950","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/wordpress-versions"}],"about":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/types\/helphub_version"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/users\/8670591"}],"version-history":[{"count":0,"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/wordpress-versions\/12966950\/revisions"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/media?parent=12966950"}],"wp:term":[{"taxonomy":"helphub_major_release","embeddable":true,"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/helphub_major_release?post=12966950"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}