We’re happy to announce the release of ClassicPress
This release is a maintenance and security release.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release.
- A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
- A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
The ClassicPress and WordPress security teams.
If your ClassicPress site has automatic updates enabled (the default configuration), then the new version will be installed automatically. Otherwise, we recommend upgrading your site(s) to
1.5.3 to receive all latest fixes and updates.
Download this release
and follow the installation instructions.
|Existing WordPress sites||Download the migration plugin and follow the migration instructions.|
|Existing ClassicPress sites||Use the built-in update mechanism (more info).|
The full changelog is available on GitHub.