Headsup to all WordPress users! WordPress 6.0.2 Security and Maintenance Release was released by the WordPress core team earlier today. If you haven’t updated yet, do it ASAP.
Here’s a snippet from the announcement published on the official WordPress blog:
WordPress 6.0.2 is now available!
This security and maintenance release features 12 bug fixes on Core, 5 bug fixes for the Block Editor, and 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.
WordPress 6.0.2 is a short-cycle release. You can review a summary of the main updates in this release by reading the RC1 announcement.
The next major release will be version 6.1 planned for November 1, 2022
Check out additional information below regarding the bug fixes included in WordPress 6.0.2:
Details on the 12 bug fixes on Core:
- Allow remote pattern registration in theme.json when core patterns are disabled
register_block_typedoes not recognise “ancestor” block setting
- What’s new page design issue in core WordPress
'@since 6.1.0'appearing in 6.0.1
- Custom Template Parts are Duplicated, rather than being updated (PHP 5.6)
- Update the About page for 6.0.2
- Moment.js should be upgraded, 2.29.2 contains vulnerability
- Backport bug fixes from Gutenberg into Core for WP 6.0.2
Details on the 5 bug fixes for the Block Editor:
- chore(release): publish
- Prevent query block from looping in classic themes
- Remove sticky posts setting when we inherit the query
- [Block Library – Query Loop]: Move sticky control to separate file
- Block Styles: Truncate long button labels
SECURITY UPDATES INCLUDED IN WORDPRESS 6.0.2
- Possible SQL injection within the Link API (via Fariskhi Vidyan)
- XSS vulnerability on the Plugins screen (via Khalilov Moe)
- Output escaping issue within
the_meta()(via John Blackbourn – WordPress security team)
Kudos to the WordPress core team, individuals who reported the vulnerabilities as well as everyone who contributed, making the release of WordPress 6.0.2 possible. Thank you for keeping the WordPress community safe and secure!
If you have automatic background updates enabled on your WordPress-powered site, then you don’t have to do anything. For those of you who haven’t enabled automatic background updates or are not familiar with this feature, you can do so by logging in to your WordPress Dashboard > Updates and then clicking Update Now.
Have you already upgraded your WordPress site to WordPress 6.0.2? If not, what are you waiting for? Do it now!