WordPress 5.7.1 is now released!
This security and maintenance release includes two security fixes and 26 bug fixes. As this is a security maintenance release, we recommend you update your site immediately. All releases since WordPress 4.7 also include security updates.
WordPress 5.7.1 is a short-cycle security and maintenance release. The next major release will be 5.8.
You can download WordPress 5.7.1 from here, or visit your site’s dashboard → Updates, then click Update Now.
If your site supports background auto-updates, the update process has already started.
Security Updates
Two security issues affect WordPress versions between 4.7 and 5.7. If you have not yet updated to 5.7, all WordPress releases since 4.7 have also shipped security updates that resolve the following security issues:
- Thanks to SonarSource for reporting an XXE vulnerability in the media library that affects PHP 8.
- Thanks to Mikael Korpela for reporting a data exposure vulnerability in the REST API.
Thanks to all anonymous vulnerability reporters who gave the security team time to fix these issues before WordPress sites were attacked.
These issues were resolved with the support of Adam Zielinski, Pascal Birchler, Peter Wilson, Juliette Reinders Folmer, Alex Concha, Ehtisham Siddiqui, Timothy Jacobs, and the WordPress Security Team.
For more information, please review the full change list on Trac, or consult the Version 5.7.1 HelpHub documentation page.
Thanks and Acknowledgments
The 5.7.1 release was led by (@peterwilsoncc) and (@audrasjb).
In addition to the security researchers and release squad members mentioned above, we would also like to thank all the contributors who helped make WordPress 5.7.1 a reality:
99w, Adam Silverstein, Andrew Ozz, annalamprou, anotherdave, Ari Stathopoulos, Ayesh Karunaratne, bobbingwide, Brecht, Daniel Richards, David Baumwald, dkoo, Dominik Schilling, dragongate, eatsleepcode, Ella van Durpe, Erik, Fabian Pimminger, Felix Arntz, Florian TIAR, gab81, Gal Baras, Geoffrey, George Mamadashvili, Glen Davies, Greg Ziółkowski, grzim, Ipstenu (Mika Epstein), Jake Spurlock, Jayman Pandya, Jb Audras, Joen A., Johan Jonk Stenström, Johannes Kinast, John Blackbourn, John James Jacoby, Jonathan Desrosiers, Josee Wouters, Joy, k3nsai, Kelly Choyce-Dwan, Kerry Liu, Marius L. J., Mel Choyce-Dwan, Mikhail Kobzarev, mmuyskens, Mukesh Panchal, nicegamer7, Otshelnik-Fm, Paal Joachim Romdahl, palmiak, Pascal Birchler, Peter Wilson, pwallner, Rachel Baker, Riad Benguella, Rinat Khaziev, Robert Anderson, Roger Theriault, Sergey Biryukov, Sergey Yakimov, SirStuey, stefanjoebstl, Stephen Bernhardt, Sumit Singh, Sybre Waaijer, Synchro, Terri Ann, tigertech, Timothy Jacobs, tmatsuur, TobiasBg, Tonya Mork, Toru Miki, Ulrich and Vlad T.
This is a discussion topic split from the original thread at https://cn.wordpress.org/2021/04/15/wordpress-5-7-1-security-and-maintenance-release/