WordPress announces the release of security and maintenance version 5.1.1
WordPress has released the security and maintenance version 5.1.1 today introducing 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.
This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting.
WordPress versions 5.1 and earlier are affected by these bugs, which are fixed in version 5.1.1. Updated versions of WordPress 5.0 and earlier are also available for any users who have not yet updated to 5.1.
Other highlights of this release include:
- Hosts can now offer a button for their users to update PHP.
- The recommended PHP version used by the “Update PHP” notice can now be filtered.
- Several minor bug fixes.
You can browse the full list of changes on Trac.
WordPress 5.1.1 was a short-cycle maintenance release. Version 5.1.2 is expected to follow a similar two week release cadence.
You can download WordPress 5.1.1 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically.