ClassicPress 1.5.3 Release Notes

This is no longer the latest release of ClassicPress!
You can find the latest release at the top of the Release Notes subforum.

We’re happy to announce the release of ClassicPress 1.5.3.

This release is a maintenance and security release.

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release.

  • A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
  • A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit

Contributors

The ClassicPress and WordPress security teams.

If your ClassicPress site has automatic updates enabled (the default configuration), then the new version will be installed automatically. Otherwise, we recommend upgrading your site(s) to 1.5.3 to receive all latest fixes and updates.

Download this release

New sites Download
ClassicPress-release-1.5.3.zip
and follow the installation instructions.
Existing WordPress sites Download the migration plugin and follow the migration instructions.
Existing ClassicPress sites Use the built-in update mechanism (more info).

Full changelog

The full changelog is available on GitHub.

6 Likes