Not really sure what they changed between 5.2.1 and 5.2.2; just some tweaks by the look of things.
Also 5.3 should be out soon.
#wordpress users, do you use the plugin called Social Warfare? It has a bug where anyone can update a string setting, adding an eval().
So someone has decided to redirect sites with this plugin to a porn site. 😲
Best to delete this plugin.
#WordPress 5.1.1 is now available! This #security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.
This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting.
That should mean you're ok for most current WordPress security bugs except for CVE-2019-8943 which is a path traversal bug. I think it's fixed for WordPress proper but many modules are still vulnerable.
Instead of trying to pry apart all the changesets, there is now just a consolidated changeset between 4.7.11 and 4.7.12.
4.7.12 is the 4.7 branch of fixes backported from 5.0.1. Just using the entire changeset makes it easier and helps with things like database updates.
#wordpress 5.0.2 is now available!
5.0.2 is a maintenance release that addresses 73 bugs. The primary focus of this release was performance improvements in the block editor: the cumulated performance gains make it 330% faster for a post with 200 blocks.
Would it kill the #wordpress developers to actually reference the bug they are fixing in the commit log, or at least use the same words?
Looks like I'm building WordPress #debian packages tonight. 😭
#wordpress 5.0 beta 3 is out, which means they are close to releasing 5.0.
Planned date of release is 19th November.
Well at least this time #WordPress had a nice simple clear patch for what was needed to backport.
Sometimes their changelogs and patches don't line up, insofar as finding the security fixes.
How to set up AppArmor so it limits the WordPress code to access only what it needs and not everything available to the #Apache user. AppArmor is a Mandatory Access Control (MAC) system similar to #SELinux.
It is in complain mode and I need to do more tests, like uploading an image, but it is reasonably simple to set up.
I think I'll lock off theme and plugin updates by default and switch them on when needed.
What is a worry is the non-WordPress WSGI stuff just works with no rules. I'm not sure why.