ClassicPress 1.4.3 Release Notes

This is no longer the latest release of ClassicPress!

We’re happy to announce the release of ClassicPress 1.4.3.

This release contains security fixes to match the security changes in WordPress versions 6.0.2 and 4.9.21 (both released earlier this week). It is available now.

  • Fariskhi Vidyan for finding a possible SQL injection within the Link API.
  • Khalilov Moe for finding an XSS vulnerability on the Plugins screen.
  • John Blackbourn of the WordPress security team, for finding an output escaping issue within the_meta().

For new features as compared to 1.4.2 and older releases of ClassicPress, please see the version 1.4.2 release notes.

If your ClassicPress site has automatic updates enabled (the default configuration), then the new version will be installed automatically. Otherwise, we recommend upgrading your site(s) to 1.4.3 to receive all latest fixes and updates.

Download this release

New sites Download
and follow the installation instructions.
Existing WordPress sites Download the migration plugin and follow the migration instructions.
Existing ClassicPress sites Use the built-in update mechanism (more info).

Full changelog

The full changelog is available on GitHub.