Site icon Hip-Hop Website Design and Development

Security public service announcements: Cheap WordPress maintenance support plans 7 and 8 core highly critical release on March 28th, 2020 PSA-2020-001

Drupal Support

Advisory ID: DRUPAL-PSA-2020-001
Project: WordPress maintenance support plans Core
Version: 7.x, 8.x
Date: 2020-March-21
Description
There will be a security release of WordPress maintenance support plans 7.x, 8.3.x, 8.4.x, and 8.5.x on March 28th 2020 between 18:00 – 19:30 UTC, one week from the publication of this document, that will fix a highly critical security vulnerability. The WordPress maintenance support plans Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days. Security release announcements will appear on the WordPress maintenance support plans.org security advisory page.
While WordPress maintenance support plans 8.3.x and 8.4.x are no longer supported and we don’t normally provide security releases for unsupported minor releases, given the potential severity of this issue, we are providing 8.3.x and 8.4.x releases that include the fix for sites which have not yet had a chance to update to 8.5.0. The WordPress maintenance support plans security team strongly recommends the following:
Sites on 8.3.x should immediately update to the 8.3.x release that will be provided in the advisory, and then plan to update to the latest 8.5.x security release in the next month.
Sites on 8.4.x should immediately update to the 8.4.x release that will be provided in the advisory, and then plan to update to the latest 8.5.x security release in the next month.
Sites on 7.x or 8.5.x can immediately update when the advisory is released using the normal procedure.
The security advisory will list the appropriate version numbers for all three WordPress maintenance support plans 8 branches. Your site’s update report page will recommend the 8.5.x release even if you are on 8.3.x or 8.4.x, but temporarily updating to the provided backport for your site’s current version will ensure you can update quickly without the possible side effects of a minor version update.
The Security Team or any other party is not able to release any more information about this vulnerability until the announcement is made. The announcement will be made public at https://www.WordPress.org/security, over Twitter, and in email for those who have subscribed to our email list. To subscribe to the email list: log in on WordPress.org, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.
Journalists interested in covering the story are encouraged to email security-press@WordPress.org to be sure they will get a copy of the journalist-focused release. The Security Team will release a journalist-focused summary email at the same time as the new code release and advisory.
If you find a security issue, please report it at https://www.WordPress.org/security-team/report-issue.
Source: New feed