20 Comments

  1. Celeste's Quiet Ramblings

    Thanks for the update. You guys are awesome with that quick turnaround for the needed patch.

    Report

  2. Keith Davis

    Agree with @Celeste – the Tavern is the place to get WordPress info ahead of the crowd.
    Thanks Sarah

    Report

  3. Miroslav Glavić

    Manual updates – done

    Within 5 minutes of seeing the WPT tweet.
    Went on my browser, clicked on updates and voila. Faster than the auto-updates

    Report

  4. David Anderson

    I hope there’ll be an official response from wordpress.org to the rather disturbing paragraph in the advisory of the security researcher who discovered the vulnerability, in which he says that they simply declined to receive any communications about this vulnerability after it was discovered. It would be good to hear their side of that.

    Report

  5. William Charles

    I was auto updated and now it’s asking me to update my database, when I update my data base I get the following error: Catchable fatal error: Object of class WP_Error could not be converted to string in /home/doctorof/public_html/wp-admin/includes/upgrade.php on line 1459

    Any thoughts on how to fix it? Tried the usual methods (turning off plugins, default theme etc).

    Report

  6. David McCan

    The core team has been very good at responding and being transparent. I imagine that the first priority was to get the fix out.

    Report

  7. Sonja

    Doesn’t 4.1.4 also fix this for those who are not ready for 4.2 feature updates?

    Report

  8. Brett Blevins

    This is great, but it makes me wonder how many more of these vulnerabilities are lurking about.

    Report

  9. Lisa Gittleman

    When I go to updates it’s telling me that there are no updates available. Any thoughts on why that might be? It’s showing we’re on 4.1.2 so there should be one.

    Report

  10. Selvam

    Thanks for the fix, but releasing WordPress patches in short span of time is big headache for developers to make their products compatible with latest WordPress version.

    Report

  11. danallenhouston

    The db upgrade killed our site. The release notes are silent on how the DB update is part of the patch to the XSS. What is the database upgrade for on 4.2.1? We can;’t apply it to our site. Must be a plugin conflict.

    Report

Comments are closed.

%d bloggers like this: