Software Update: WordPress 5.1.1

Version 5.1.1 of WordPress has been released. With this program, which is made available under a GPL license, it is possible to set up and maintain a website or blog. WordPress is easy to set up and can be up and running within five minutes if a server with PHP and MySQL is already available. There are possibilities to further extend the functionality of WordPress with plugins and the look with themes to adjust.

In version 5.0, in addition to a new theme, a completely new editor has also been introduced. However, the old editor is still there and is now called classic editor. In version 5.1, some sharp edges have also been removed from the new editor and it should perform better. This first update also brings the following improvements:

WordPress 5.1.1 Security and Maintenance Release

WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.

This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting.

WordPress versions 5.1 and earlier are affected by these bugs, which are fixed in version 5.1.1. Updated versions of WordPress 5.0 and earlier are also available for any users who have not yet updated to 5.1.

Props to Simon Scannell of RIPS Technologies who discovered this flaw independent of some work that was being done by members of the core security team. Thank you to all of the reporters for privately disclosing the vulnerabilitieswhich gave us time to fix them before WordPress sites could be attacked.

Other highlights of this release include:

• Hosts can now offer a button for their users to update PHP.
• The recommended PHP version used by the “Update PHP” notice can now be filtered.
• Several minor bug fixes.

You can browse the full list of changes on Trac.