A new WordPress security and maintenance update is available.
Yesterday, 3 April, WordPress 4.9.5 has officially released as a security and maintenance update. The core team noted three security issues in the previous version, 4.9.4, which led to security hardening changes in 4.9.5, such as:
- Localhost is not treated as the same host by default.
- Safe redirects are to be used when redirecting the login page if SSL is forced.
- Version string must be correctly escaped for use in generator tags.
Furthermore, the new version fixes 28 bugs, which include an improved compatibility with PHP 7.2, better image cropping, and “friendlier” error messages. Full details are available on the release blog.
To update: download WordPress 4.9.5 or visit Dashboard, go to Updates and click the Update Now button.