WordPress更新到Version5.2.3

WordPress不愧为用户量大的CMS平台,前不久6月份才更新到5.2.2,在WordPress版本更新到5.2.2及手动更新降级的方法 有对此进行介绍,也简单描述了手动更新及降级的方法。这不没到3个月,下一个更新的版本又来了。

图1 .WordPress后台提示5.2.3已可用

通过 官方网站 的介绍也可以得知这个版本主要安全的更新,修复了29个BUG,以及少量的安全性能上的加固。

图2 .WordPress官方网站对Version5.2.3版本的介绍

主要有:

#38415: New Custom Link menu item has a wrong fallback label
#38415:新建自定义链接菜单项有错误的回退标签

#45739: Block Editor: $editor_styles bug.
#45739:块编辑器:$editor_styles错误。

#45935: A URL in do_block_editor_incompatible_meta_box function does not have classic-editor__forget parameter
#45935: do_block_editor_incompatible_meta_box函数中的URL没有classic- editor_forget参数

#46757: Media Trash: The Bulk Media options when in the Trash shouldn’t provide two primary buttons
#46757:媒体垃圾:垃圾中的大容量媒体选项不应该提供两个主按钮

#46758: Media Trash: Primary button(s) should be on the left
#46758:媒体垃圾:主按钮应该在左边

#46899: Ensure that tables generated by the Settings API have no semantics
#46899:确保Settings API生成的表没有语义

#47079: Incorrect version for excerpt_allowed_blocks filter
#47079:摘录t_allowed_blocks过滤器的错误版本

#47113: Media views: dismiss notice button is invisible
#47113:媒体视图:取消通知按钮是不可见的

#47145: Feature Image dialog does not follow the dialog pattern
#47145: Feature Image对话框不遵循对话框模式

#47190: Twenty Seventeen: Native audio and video embeds have no focus state.
#47190: 2017:原生音频和视频嵌入没有焦点状态。

#47340: Twenty Nineteen: Revise Latest Posts block styles to support post content options.
#47340: 2019:修改最新的文章块样式以支持文章内容选项。

#47386: Fix headings hierarchy in the legacy Custom Background and Custom Header pages
#47386:修复遗留自定义背景和自定义页眉中的标题层次结构

#47390: Improve accessibility of forms elements within some “form-table” forms
#47390:改进表单元素在某些“表单表”表单中的可访问性

#47414: Twenty Seventeen: Button block preview has extra spacing within button
#47414: 217:按钮块预览在按钮中有额外的间距

#47458: Fix tab sequence order in the Media attachment browser
修正了媒体附件浏览器的标签顺序

#47489: Emoji are substituted in preformatted blocks
#47489:表情符号被替换为预格式化的块

#47502: Media modal bottom toolbar cuts-off content in Internet Explorer 11
#47502:媒体模式底部工具栏在Internet Explorer 11中切断内容

#47538: Minor Verbiage Update – Switch ‘developer time’ for ‘a developer’
#47538:次要的语言更新——将“开发人员时间”转换为“开发人员时间”

#47543: Twenty Seventeen: buttons don’t change color on hover and focus
#47543: 2017:按钮不改变颜色的悬停和焦点

#47561: Plugin: View details popup layout issue
#47561:插件:查看详细信息弹出布局问题

#47603: My account toggle on admin bar not visible at high zoom levels
#47603:我的账户切换管理栏不可见在高缩放级别

#47604: Undefined variable: locked in wp-admin/edit-form-blocks.php
#47604:未定义变量:锁定在wp-admin/edit-form-blocks.php中

#47687: Use alt tags for gallery images in editor
#47687:在编辑器中对画廊图片使用alt标签

#47688: Color hex code in color picker displayed in RTL instead of LTR on RTL install (take 2)
#47688:颜色选择器中的颜色十六进制代码,显示在RTL中,而不是在RTL安装上显示在LTR中(取2)

#47693: customizer Color picker should get closed when click on color picker area.
#47693:自定义颜色选择器在点击颜色选择器区域时应该关闭。

#47723: Adding a custom link in nav-menus.php doesn’t trim whitespace
#47723:在navu -menu .php中添加自定义链接并不会减少空格

#47758: Font sizes on installation screen are too small
#47758:安装屏幕上的字体太小

#47835: PHP requirement always set to null for plugins
#47835:对于插件,PHP要求总是设置为null

#47888: Adding a custom link in menu via Customize doesn’t trim whitespace.
#47888:通过自定义在菜单中添加自定义链接并不会减少空格。



安全补丁:

Security Fixes

Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues.
RIPS Technologies的西蒙•斯坎内尔(Simon Scannell)在发现和披露两个问题上获得了支持。
The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors.
第一个是贡献者在post预览中发现的跨站点脚本(XSS)漏洞。
The second was a cross-site scripting vulnerability in stored comments.
第二个是存储评论中的跨站点脚本漏洞。
Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect.
感谢Tim Coen揭露了一个问题,在这个问题中,URL的验证和清理可能导致打开重定向。
Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads.
支持Anshul Jain在媒体上传过程中揭示跨站点脚本。
Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a vulnerability that for cross-site scripting (XSS) in shortcode previews.
感谢Fortinet防御实验室的周原杨,他在短代码预览中揭露了一个跨站点脚本(XSS)的漏洞。
Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard.
感谢核心安全团队的Ian Dunn,他发现了一个可以在仪表板中找到反映跨站点脚本的案例。
Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
感谢NCC Group的Soroush Dalili (@irsdl)揭露了一个URL清理的问题,该问题可能导致跨站点脚本攻击(XSS)。
In addition to the above changes, we are also updating jQuery on older versions of WordPress.
除了上面的改变,我们也在更新旧版本WordPress上的jQuery。
This change was added in 5.2.1 and is now being brought to older versions.
这一更改是在5.2.1中添加的,现在正被带到较老的版本中。
.

总而言之,这次的版本是值得进行更新的,毕竟修复了大量的问题,并且对安全性能问题也进行了相应的加固。当然WordPress的小版本的升级并非一直都需要时刻保持在最新状态,但是基于WordPress的众多用户,以及各种自定义主题、插件的存在,随着官方进行更新,也是非常有必要的了。