WordPress version 4.7.1 has been just released pushing out fixes to several security issues. The security and maintenance release comes nearly after a month of a major release of WordPress version 4.7 in December last year.
WordPress 4.7.1 fixes eight security issues that were reported after the release of the major version in December 2016. The version also fixes over sixty bugs from the previous version 4.7.
Users are advised to update to the latest version of WordPress 4.7.1 as soon as possible.
Updating to WordPress version 4.7.1
If your WordPress host supports it, your website should be updated automatically to WordPress 4.7.1.
But if your website wasn’t automatically updated or failed to update, here’re a few steps that you should go through to install the latest update. It should only take you a few moments for you to update to the latest version.
Head over to the Updates from your Dashboard Menu and you should see a notification for the latest WordPress version.
Click on Update Now to update automatically to WordPress version 4.7.1.
Once the update process is complete, you should see a welcome message to WordPress 4.7.1.
The WordPress Team has also started notifying all the users whose sites weren’t updated automatically to the latest version. Look for an email from the team, if your site wasn’t updated automatically.
You should also see a notification on your WordPress dashboard saying “an automated WordPress update has failed to complete”.
In most cases, your website should be updated automatically to 4.7.1 and you should receive an email from your host regarding the update.
You will need to review your website and make sure there are no problems after the automatic upgrade. Depending on the hosting service you use, you should be able to revert your website to the version before upgrading if you experience any issues.
WordPress version 4.7.1 Security Fixes
The security release post on the WordPress news blog highlights security issues that affect WordPress 4.7 and all of the previous versions of the software.
Here’s the list of all the eight security issues as listed on WordPress codex for the 4.7.1 update.
- PHPMailer update fixing Remote code execution (RCE) – WordPress uses PHPMailer library as the basis for its email functionality.
- The REST API issue that exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
- Cross-site scripting (XSS) via the plugin name or version header on update-core.php.
- Cross-site request forgery (CSRF) bypass via uploading a Flash file.
- Cross-site scripting (XSS) via theme name fallback.
- Post via email checks mail.example.com if default settings aren’t changed.
- A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing.
- Weak cryptographic security for multisite activation key.
WordPress version 4.7.1 Bug Fixes
The WordPress 4.7.1 version also fixes 61 bugs from the previously released WordPress 4.7 version.
The update includes fixes to the bundled theme, Comments, Customizer, Editor, HTTP API, Media, and Rest API among others. You can see the complete list of bug fixes on the codex page for 4.7.1 update
Twenty Seventeen Theme Update
The default WordPress theme for the year 2017, Twenty Seventeen has also been updated to version 1.1. The theme is updated with several fixes including right
$content_width, and fixing the problem of displaying featured image on single template.
If you have the Twenty Seventeen theme installed on your website, it should now be available to update automatically from your updates dashboard under Themes.
Dashboard > Updates (See Themes Section)
The release for 4.7.1 will be led by Aaron D. Campbell and the security issues were reported by WordPress users from the WordPress Security Team and the broader WordPress community.
Have you updated to WordPress 4.7.1 yet?