[SECURITY] Fedora 32 Update: wordpress-5.7.1-1.fc32

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-3ebc6ab03a 2021-04-23 15:04:50.170504 -------------------------------------------------------------------------------- Name : wordpress Product : Fedora 32 Version : 5.7.1 Release : 1.fc32 URL : http://www.wordpress.org Summary : Blog tool and publishing platform Description : Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora -------------------------------------------------------------------------------- Update Information: **WordPress 5.7.1 Security and Maintenance Release** **Security updates** Two security issues affect WordPress versions between 4.7 and 5.7. If you haven���t yet updated to 5.7, all WordPress versions since 4.7 have also been updated to fix the following security issues: * thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8 * thanks Mikael Korpela for reporting a data exposure vulnerability within the latest posts block and REST API Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked. Props to Adam Zielinski, Pascal Birchler, Peter Wilson, Juliette Reinders Folmer, Alex Concha, Ehtisham Siddiqui, Timothy Jacobs and the WordPress security team for their work on these issues. **Maintenance updates** WordPress 5.7.1 also fixes 26 regressions introduced in version 5.7: Fixed Core tickets from Trac: * 52787 ��� Empty array for non-single post meta breaks post save through REST API * 52822 ��� PHPMailer change in WordPress 5.7 breaks working sites * 52670 ��� Admin pointer arrow border color darker than pointer content * 52713 ��� Reverse logic in wp_robots function and filter * 52743 ��� Hardcoded SVG image URLs on WP 5.7 About screen * 52750 ��� WP 5.7 colors inconsistent in get_option( 'admin_color' ) since color contrast changes * 52751 ��� UI issue on Privacy Policy Guide page * 52756 ��� Duplicate video URLs on WP 5.7 About screen * 52758 ��� 5.7 About Page: Image comparison doesn���t work on first load on some browsers * 52760 ��� Color not accessibility for AA * 52764 ��� Classic editor adding empty tags in some media embed situations * 52768 ��� WordPress post URL oEmbed rendering blocked by iframe lazy-loading * 52783 ��� Health Check mis- reports https functionality in certain situations * 52789 ��� Gallery layout block adds all media items when changing an image * 52816 ��� Post metabox style Twenty Seventeen has a border * 52826 ��� New wp_getimagesize() causing unexpected failures * 52834 ��� Reset password screen: improve buttons layout for better i18n * 52891 ��� Privacy: print screen reader text message * 52894 ��� The wp_sanitize_script_attributes function added in version 5.7 does not escape attributes in some cases * 52932 ��� Rest Api enum validation does not work correctly WordPress 5.7 * 52961 ��� Add ���object-position��� as an allowed CSS attribute * 52981 ��� Twenty Twenty-One: Update IE specific editor stylesheet Fixed Block editor issues from GitHub: * PR30218 ��� Core Data: Use getAuthors for showCombobox * PR30524 ��� Editor: Revert (#27717) save editors value on change * PR30122 ��� Gallery: Set addToGallery prop to false when images don���t have IDs * PR29809 ��� Revert: Show empty paragraphs on fronted * PR29860 ��� Try: Fix gallery item clicking * PR29920 ��� Fix sibling block inserter displaying at end of block list * PR30125 ��� Block Editor: Ensure that uncategorized block types are properly handled * PR30243 ��� Add object-position to allowed inline style attributes list The 5.7.1 release was led by @peterwilsoncc and @audrasjb. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 15 2021 Remi Collet <remi(a)remirepo.net&gt; - 5.7.1-1 - WordPress 5.7.1 Security and Maintenance Release -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-3ebc6ab03a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------