HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

WordPress

>

Releases

>

4.7.14

WordPress Release: 4.7.14

Tag Name: 4.7.14

Release Date: 9/4/2019

View Release
WordPress LogoWordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

Open SourceBloggingWebsite Builder

TL;DR

WordPress 4.7.14 is primarily a security-focused maintenance release that addresses several important vulnerabilities. This update includes fixes for URL validation, content sanitization, and jQuery security issues. It's a crucial update for all WordPress 4.7.x installations to maintain site security and prevent potential exploits.

Highlight of the Release

    • Multiple security fixes for URL validation and sanitization
    • Backported security patch from jQuery 3.4.0
    • Improved handling of rel attributes in links
    • Enhanced protection in attachment uploads

Migration Guide

No specific migration steps are required for this update. This is a straightforward security update that should not break existing functionality.

To update to WordPress 4.7.14:

  1. Back up your WordPress site (files and database)
  2. Update through the WordPress admin dashboard or download the update and install it manually
  3. Verify your site functionality after the update

Note that WordPress 4.7.x is an older branch of WordPress. If possible, site administrators should consider upgrading to the latest major version of WordPress for improved security and features.

Upgrade Recommendations

Priority: Critical

All WordPress sites running version 4.7.x should update to 4.7.14 immediately. This release contains several important security fixes that protect your site from potential vulnerabilities.

While this update is crucial for sites on the 4.7 branch, please note that WordPress 4.7 is an older version that is no longer receiving regular updates. For optimal security and features, we strongly recommend upgrading to the latest major version of WordPress if your site's plugins and themes are compatible.

Bug Fixes

Security-Related Bug Fixes

  • Fixed URL validation in wp_validate_redirect() to prevent potential security issues
  • Removed _convert_urlencoded_to_entities() from the get_the_content() callback to address content handling vulnerabilities
  • Improved URL sanitization in wp_kses_bad_protocol_once() to prevent protocol-based exploits
  • Added proper escaping for output in wp_ajax_upload_attachment() to prevent XSS vulnerabilities
  • Enhanced handling of existing rel attributes in wp_rel_nofollow_callback() for better security and compatibility

New Features

No new features were introduced in this release. WordPress 4.7.14 is a security and maintenance release focused on fixing vulnerabilities and improving existing functionality.

Security Updates

  • URL Validation Enhancement: Improved URL validation in wp_validate_redirect() to prevent potential redirect-based vulnerabilities
  • Content Sanitization: Removed potentially unsafe _convert_urlencoded_to_entities() function from the get_the_content() callback
  • Attachment Upload Security: Added proper escaping to the output in wp_ajax_upload_attachment() to prevent XSS attacks
  • URL Protocol Sanitization: Fixed URL sanitization in wp_kses_bad_protocol_once() to prevent protocol-based exploits
  • jQuery Security Update: Backported security patch from jQuery 3.4.0 to address potential vulnerabilities (fixes #47020)
  • Link Attribute Handling: Improved handling of existing rel attributes in wp_rel_nofollow_callback() to prevent security issues

Performance Improvements

This release does not contain any specific performance improvements. The focus was primarily on security enhancements and bug fixes rather than performance optimizations.

Impact Summary

WordPress 4.7.14 is a security-focused maintenance release that addresses several vulnerabilities related to URL validation, content sanitization, and jQuery. The update is critical for all WordPress 4.7.x installations to maintain site security.

The security fixes in this release protect against potential XSS attacks, URL-based exploits, and other vulnerabilities. These improvements enhance the overall security posture of WordPress sites without introducing any breaking changes to existing functionality.

This release also includes some CI/build tool improvements that don't affect end users but help maintain the WordPress codebase. As WordPress 4.7 is an older branch, this release primarily focuses on backporting critical security fixes rather than adding new features.

Statistics:

File Changed18
Line Additions76
Line Deletions123
Line Changes199
Total Commits10

User Affected:

  • Need to update their WordPress installations to maintain security
  • Benefit from improved URL validation and sanitization
  • Protected from potential security vulnerabilities

Contributors:

johnbillionSergeyBiryukovwhyisjakedesrosjazaozz