当サイト、Codex 日本語版は今後積極的な更新は行わない予定です。後継となる新ユーザーマニュアルは、https://ja.wordpress.org/support/ にあります。
万が一、当サイトで重大な問題を発見した際などは、フォーラムWordSlack #docs チャンネルでお知らせください。</p>

Version 4.8.2

提供: WordPress Codex 日本語版
2017年9月20日 (水) 17:45時点におけるAkira Tachibana (トーク | 投稿記録)による版 (最新英語版を反映 [en:Version_4.8.2] 10:57, 20 September 2017‎ Jbpaul17 版))

(差分) ← 古い版 | 最新版 (差分) | 新しい版 → (差分)
移動先: 案内検索

2017年9月19日、WordPress 4.8.2 が公開されました。

インストール / アップグレードについて

WordPress 4.8.2 を入手するには、管理画面の「ダッシュボード」>「更新」から実行するか、下記ページからダウンロードしてください。

WordPress インストールおよびアップグレードのステップバイステップの手順は、こちらを参照してください。

WordPress が初めての場合、下記から始めると良いでしょう:


まとめ

From the WordPress 4.8.2 release post: WordPress versions 4.8.1 and earlier are affected by nine security issues:

  1. $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco.
  2. A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
  3. A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
  4. A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
  5. A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by 陈瑞琦 (Chen Ruiqi).
  6. An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
  7. A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team.
  8. A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic).
  9. A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar).

In addition to the security issues above, WordPress 4.8.2 contains six maintenance fixes to the 4.8 release series.

絵文字

  • #41584 - Upgrade Twemoji to 2.5.0
  • #41852 - Fix UN flag test by returning the correct value.

I18N

  • #41794 - Support numbers in locales during installation

セキュリティ

  • #13377 - Add more sanitization in _cleanup_header_comment

ウィジェット

  • #41596 - New Text Widget recognizes HTML but does not render it in the front end
  • #41622 - Text widget can show DOMDocument::loadHTML() warnings in admin when is_legacy_widget method is called

改訂されたファイル一覧

wp-admin/about.php
wp-admin/edit-tag-form.php
wp-admin/includes/class-wp-plugins-list-table.php
wp-admin/includes/file.php
wp-admin/includes/template.php
wp-admin/install.php
wp-admin/js/widgets/text-widgets.js
wp-admin/js/widgets/text-widgets.min.js
wp-admin/plugin-editor.php
wp-admin/plugins.php
wp-admin/setup-config.php
wp-admin/theme-editor.php
wp-admin/user-edit.php
wp-includes/class-wp-customize-manager.php
wp-includes/embed.php
wp-includes/formatting.php
wp-includes/js/mce-view.js
wp-includes/js/mce-view.min.js
wp-includes/js/tinymce/plugins/wplink/plugin.js
wp-includes/js/tinymce/plugins/wplink/plugin.min.js
wp-includes/js/tinymce/wp-tinymce.js.gz
wp-includes/js/twemoji.js
wp-includes/js/twemoji.min.js
wp-includes/js/wp-emoji-loader.js
wp-includes/js/wp-emoji-loader.min.js
wp-includes/js/wp-emoji-release.min.js
wp-includes/js/wplink.js
wp-includes/js/wplink.min.js
wp-includes/script-loader.php
wp-includes/version.php
wp-includes/widgets/class-wp-widget-text.php
wp-includes/wp-db.php


WordPress バージョンの一覧もあわせてご覧ください。


最新英語版: WordPress Codex » Version_4.8.2最新版との差分