This security and maintenance release features 19 bug fixes in Core, 22 bug fixes for the Block Editor, and security fixes.
The team would like to thank the following people for reporting vulnerabilities, and allowing them to be fixed in this release.
Marc Montpas of Automattic for finding a disclosure of email addresses.
Rafie Muhammad and Edouard L of Patchstack, along with a WordPress-commissioned third-party audit, for each identifying an XSS issue in the post link navigation block.
Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each discovering an issue where comments on private posts could be leaked to other users.
John Blackbourn, James Golovich, J.D Grimes, Numan Turle, WhiteCyberSec for each identifying a way for logged-in users to execute any shortcode.
mascara7784 and a security audit for identifying XSS in the password screen.
Jorge Costa of the WordPress Core Team for identifying XSS in the footnotes block.
s5s and raouf maklouf for identifying a cache poisoning DoS vulnerability.
This release was led by Joe McGill, Aaron Jorbin and Jb Audras, with the help of David Baumwald on mission control.
Their coordination of maintenance and security fixes into a stable release is a testament to the power and capability of the WordPress community.
To get involved in WordPress development, head over to Trac, pick a ticket, and join in the #core and #6-4-release-leads channels.