今天老蒋登入博客后台看到WordPress4.8.2推送升级版本,然后到官方网站看到有新的推送说明内容。这次升级版本还是比较重要的,涉及到9个安全问题,6个维护修复程序,官方建议还是尽量升级。老蒋看到目前中文汉化版本还没有推送,不过如果我们当前是中文版本,即便升级到英文版本也是没有问题的,不影响网站的运行,因为有些时候不懂汉化版本到底什么时候推送出来。
第一、检查版本
第二、更新升级内容
1、$wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi).
2、A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery.
3、A cross-site scripting (XSS) vulnerability was discovered in the visual editor.
4、A path traversal vulnerability was discovered in the file unzipping code.
5、A cross-site scripting (XSS) vulnerability was discovered in the plugin editor.
6、An open redirect was discovered on the user and term edit screens.
7、A path traversal vulnerability was discovered in the customizer.
8、A cross-site scripting (XSS) vulnerability was discovered in template names.
9、A cross-site scripting (XSS) vulnerability was discovered in the link modal.
In addition to the security issues above, WordPress 4.8.2 contains 6 maintenance fixes to the 4.8 release series.(edit by itbulu.com)
第三、WordPress升级方法
1、务必备份好网站数据,防止升级出现问题。
2、参考"WordPress程序自动与手动升级新版本的操作过程",可以手工或者自动升级,建议手工升级。
本文出处:老蒋部落 » WordPress 4.8.2升级更新 涉及9个安全问题 务必升级 | 欢迎分享( 公众号:老蒋朋友圈 )