WordPress 4.9.3 was scheduled to go out on January 30th, but it was finally delayed to yesterday February 5th due to several open tickets in WordPress Make with various bugs.
It was finally released yesterday, around 10:30 pm in Spain (approximately) and corrects up to 34 bugs and adds compatibility with php 7.2.
It also includes bug fixes in the customizer, the widgets and the visual editor.
This is an automatic update, but this time a little “lazy” and I say this, because, normally when an automatic update comes out, they usually update themselves in a very short time after the new distro comes out, but I have seen installations that Even after 12 hours the update has not occurred, so if it is your case or you have the automatic updates disabled, go through the administration of your WordPress and update after a backup copy, although personally I have not noticed that anything failed.
This, with respect to maintenance, but what about Security?
In the WordPress changelog it does not mention anything about Security and that is why I have put it between questions, since yesterday and hours before 4.9.3 came out, I received a notification from WPScan Vulnerability Database, informing that since version 4.9. 2 backwards, they have an unpatched denial of service vulnerability (Application Denial of Service (DoS), you can see the info in the following LINK.
The question, Is this vulnerability patched or not? Well, according to the changelog of 4.9.3, no, or at least they haven’t made it public. I am also surprised that WPScan released the vulnerability just hours before the 4.9.3 release, where that agreement on responsible disclosures is.
This and the lack of information have surely puzzled more than one.
Anyway, as always, as soon as I know something else, you will be the first to find out. We have an open thread in the WordPress Security Group on FB in case you want to follow it.
And don’t miss the #SALES at Host-Fusion until February 28, 2018, 25% discount in all our plans Hosting para WordPress using code HF25