CVS commit: pkgsrc/www/wordpress

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/wordpress
From: "Daniel Horecki" <morr%netbsd.org@localhost>
Date: Sun, 2 Aug 2015 21:51:24 +0000

Module Name:    pkgsrc
Committed By:   morr
Date:           Sun Aug  2 21:51:24 UTC 2015

Modified Files:
        pkgsrc/www/wordpress: Makefile distinfo

Log Message:
Security update to version 4.2.3.

Changes:

WordPress 4.2.3 fixes a cross-site scripting vulnerability, which could allow
users with the Contributor or Author role to compromise a site.

The release also fixes an issue where it was possible for a user with
Subscriber permissions to create a draft through Quick Draft.

In addition to the security fixes, WordPress 4.2.3 contains fixes for
21 bugs from 4.2.2, including:
 * FIX - Upgrades: If a table has already been converted to utf8mb4,
   there's no need to try and convert it again.
 * FIX - Remove a redundant index drop.
 * FIX - Don't upgrade global tables to utf8mb4 when
   DO_NOT_UPGRADE_GLOBAL_TABLES is defined.
 * FIX - Enable utf8mb4 for MySQL extension users.
 * FIX - Plugin update rely upon wp_update_plugins() to check the
   contents of the transient and return early if no request needs to
  be made.
 * FIX - WPDB: When extracting the table name from a query, there is a
   1000 character limit on the SQL string that would be searched.
 * FIX - WPDB: When checking that text isn't too long to insert into a
   column, LONGTEXT columns could fail, as their length is longer than
   PHP_INT_MAX.
 * FIX - Plugin update handles the case where the plugin is installed
   into a different directory than it previously existed in.
 * FIX - Plugin update feature doesn't recognize errors
 * FIX - Plugin update error messages lack detail
 * FIX - Multiple plugin updates: Even if one of plugins update fails,
   allow further updates to continue.
 * FIX - In comment_form(), ensure that filtered arguments contain all
   required default values.
 * FIX - WPDB: Remove some of the complexities in
   ::strip_invalid_text() associated with switching character sets
   between queries.
 * FIX - WPDB: ::strip_text_from_query() doesn't pass a length to
   ::strip_invalid_text(), which was causing queries to fail when they
   contained characters that needed to be sanity checked by MySQL.
  * FIX - Emoji script is producing errors on pages with SVG content
 * FIX - Unable to drag widgets down page past certain length.
 * FIX - TinyMCE: wpView: fix typo in createInstance that prevented
   instances from being reused.
 * FIX - SCRIPT_DEBUG check in print_emoji_detection_script()
   generated PHP Notices.
 * FIX - If the shortcode content contains HTML code, the TinyMCE View
   no longer works.
 * FIX - Better handling when the credential form is long (such as
   when SSH is active).
 * FIX - sanitize_option didn't handle a WP_Error Object.


To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 pkgsrc/www/wordpress/Makefile
cvs rdiff -u -r1.39 -r1.40 pkgsrc/www/wordpress/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index