HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

WordPress

>

Releases

>

4.9.1

WordPress Release: 4.9.1

Tag Name: 4.9.1

Release Date: 11/29/2017

View Release
WordPress LogoWordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

Open SourceBloggingWebsite Builder

TL;DR

WordPress 4.9.1: Security Hardening & Bug Fix Release

This maintenance and security release addresses several bugs and security vulnerabilities in WordPress 4.9. It includes important security hardening measures, fixes for multisite installations, theme editor improvements, and resolves issues with plugin updates containing numeric folder names. This release is recommended for all WordPress installations.

Highlight of the Release

    • Security hardening: Restricted JavaScript file uploads for users without proper permissions
    • Fixed multisite update query for blog versions
    • Improved theme editor functionality on Windows platforms
    • Fixed plugin updates with numeric file/folder names
    • Enhanced database connection handling for cloud providers using socket connections

Migration Guide

No specific migration steps are required for this maintenance release. WordPress 4.9.1 is a compatible update to WordPress 4.9 and should not cause any compatibility issues with existing themes or plugins.

Upgrade Recommendations

It is strongly recommended that all WordPress 4.9 sites be updated to version 4.9.1 as soon as possible due to the security hardening measures included in this release.

The update process is straightforward:

  1. Back up your website files and database before updating
  2. Update through your WordPress dashboard (recommended) or via manual update
  3. No additional configuration is required after updating

This is a maintenance and security release, so upgrading should be a priority for all WordPress site owners.

Bug Fixes

  • Multisite: Fixed broken update blog_versions query that was affecting multisite installations (props Mista-Flo, lenasterg, flixos90)
  • Rewrite Rules: Corrected the logic in extract_from_markers() function (props stodorovic, SergeyBiryukov)
  • Plugin Updates: Fixed updating plugins which include numeric file/folder names in the root directory (props edo888)
  • User Language: Corrected the value of the lang attribute in the admin area when user's language is set to English (United States) but the site language is different (props ocean90, afercia)
  • Themes Admin: Prevented JavaScript error on Themes admin screen when only one theme is installed (props chetan200891, afercia)
  • Database Connections: Fixed parsing of sockets which contain colons within the socket name, resolving connection issues on some cloud providers (props natacado)
  • Theme/Plugin Editor: Removed problematic caching that was causing development issues with stale cache (props precies, ibenic, mariovalney, schlessera)
  • Theme Editor: Fixed validation of editable files on Windows platforms by using relative filenames instead of full file paths (fixes theme editing on Windows)
  • MediaElement: Improved handling of language codes passed to MediaElement, resolving issues with locales such as de_DE_formal and pt_PT_ao90 (props erich_k4wp, blobfolio, flixos90, ocean90, joemcgill, SergeyBiryukov)

New Features

No significant new features were introduced in this maintenance release. WordPress 4.9.1 focuses primarily on bug fixes and security hardening measures to improve the stability and security of the 4.9 branch.

Security Updates

  • Hardening: Used properly generated hash for the newbloguser key instead of a determinate substring
  • Hardening: Added escaping to the language attributes used on html elements
  • Hardening: Ensured the attributes of enclosures are correctly escaped in RSS and Atom feeds
  • Hardening: Removed the ability to upload JavaScript files for users who do not have the unfiltered_html capability

These security hardening measures address potential vulnerabilities and improve the overall security posture of WordPress installations.

Performance Improvements

No specific performance improvements were highlighted in this release. WordPress 4.9.1 primarily focuses on bug fixes and security hardening rather than performance enhancements.

Impact Summary

WordPress 4.9.1 is primarily a security and bug fix release that addresses several important issues in WordPress 4.9. The security hardening measures improve the platform's security posture by restricting JavaScript file uploads for users without proper permissions, improving hash generation, and enhancing escaping in various areas.

The bug fixes resolve issues affecting multisite installations, theme editing on Windows platforms, plugin updates with numeric folder names, and database connections using sockets with colons. These fixes improve compatibility across different hosting environments and platforms.

For developers, the removal of problematic caching in the Theme/Plugin Editor resolves development issues caused by stale caches. The fixes for MediaElement language handling improve the media experience for sites using various language codes.

Overall, this release strengthens WordPress security and stability without introducing breaking changes, making it an important update for all WordPress installations.

Statistics:

File Changed19
Line Additions104
Line Deletions75
Line Changes179
Total Commits21

User Affected:

  • Fixed multisite update query for blog versions
  • Improved security with better hash generation for 'newbloguser' key
  • Enhanced language attribute handling in admin area
  • Fixed plugin updates with numeric file/folder names

Contributors:

westonruterdd32johnbillionocean90