ClassicPress 1.1.3 Release Notes

ClassicPress 1.1.3 is a security release to match the security changes in WordPress versions 5.4.1 and 4.9.14 (both released on April 29, 2020). It is available now.

If your ClassicPress site has automatic updates enabled (the default configuration), then the new version will be installed automatically. Otherwise, we strongly recommend applying this update from your site’s dashboard as soon as possible.

Security fixes since ClassicPress 1.1.2

  • Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated
  • Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated
  • Props to Evan Ricafort for discovering an XSS issue in the Customizer
  • Props to Nick Daugherty from WPVIP.com / WordPress Security Team who discovered an XSS issue in wp-object-cache
  • Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads.

For more information about the security changes in this release, see the WordPress 4.9.14 release notes post.

Download this release

New sites Download
ClassicPress-release-1.1.3.zip (9.9 MB)
and follow the installation instructions.
Existing WordPress sites Download the migration plugin and follow the migration instructions.
Existing ClassicPress sites Use the built-in update mechanism (more info).

Full changelog

The full changelog is available on GitHub.

8 Likes

My 2 sites updated quick and without a hitch.

2 Likes

Looks good for all my sites :+1:
Thanks @james :slight_smile:

3 Likes

Thanks for your hardwork and to the team behind CP. Long live!!!

7 Likes

Looks good on my sites too. Thanks, @james!

4 Likes

3 posts were split to a new topic: Updates not working due to GitHub outage