WordPress community, on Tuesday, unveiled version 4.9.2, which is a security and maintenance release, applicable to all WordPress versions above 3.7.
The latest WordPress version includes fixes to a ‘cross site scripting (XSS)’ vulnerability which was discovered in Flash fallback files in “MediaElement 4.x” library. The MediaElement library in WordPress is for enhanced audio and video playback.
WordPress updated the MediaElement library and removed the Flash fallbacks from it, because of its decreased demand and history of security problems.
Additionally, the update includes fixes to 21 other bugs including JavaScript errors that prohibited saving the posts in Firefox. Users can now restore previous widget assignments while switching themes, without having to map the sidebars. WordPress has also restored the previous taxonomy-agnostic behavior of get_category_link() and category_description().
The WordPress 4.9.2 improves the design process, and provides better code error checking function and code syntax highlighting for a fluid site experience.
In October 2017, an SQL injection vulnerability was found in WordPress 4.8.2 and older versions, which could lead to website hacking. This was a major security attack and WordPress had to release version 4.8.3 with security updates.
When WordPress development team had released version 4.9 in November last year, they had named it WordPress 4.9 ‘Tipton’, to honor American jazz musician and bandleader, Billy Tipton.
Also read: Top 10 managed WordPress hosting platforms in 2018
Users can upgrade to latest version using the Updates option in WordPress Dashboard. Sites with automatic background updates will update automatically.