WordPress 5.3.1升级多个安全问题建议及时更新版本

今天老蒋有看到WordPress升级至5.3.1版本，如果我们在使用WP5.3版本的建议升级到最新版本应该这次包含四个安全问题。如果我们是其他版本的建议升级到其他版本的最新版本。这次四个安全问题包括：未经授权的用户可以通过REST API 设置文章置顶、跨站点脚本(XSS)可以存储、增强wp_kses_bad_protocol、块编辑器内容存在已存储的XSS漏洞，这几个问题。

同时还有几处的维护更新：

1、Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
2、Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
3、Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
4、Embeds: remove CollegeHumor oEmbed provider as the service doesn’t exist anymore.
5、External libraries: update sodium_compat.
6、Site health: allow the remind interval for the admin email verification to be filtered.
7、Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
8、Users: ensure administration email verification uses the user’s locale instead of the site locale.

声明：本文内容由网友自发贡献，本站不承担相应法律责任。对本内容有异议或投诉，请联系2913721942#qq.com核实处理，我们将尽快回复您，谢谢合作！