This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.

WordPress 6.3.2 is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement. Because this is a security release, it is recommended that you update your sites immediately. Backports are also available for other major WordPress releases, 4.1 and later.

The next major release will be version 6.4 planned for 7 November 2023.

If you have sites that support automatic background updates, the update process will begin automatically.

You can download WordPress 6.3.2 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”.

For more information on this release, please visit the HelpHub site.

Security updates included in this release

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
- Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
- Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
- Rafie Muhammad and Edouard L of Patchstack along with a WordPress-commissioned third-party audit for each independently identifying an XSS issue in the post link navigation block.
- Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
- John Blackbourn (WordPress Security Team), James Golovich, J.D Grimes, Numan Turle, WhiteCyberSec for each independently identifying a way for logged-in users to execute any shortcode.
- mascara7784 and a third-party security audit for identifying an XSS vulnerability in the application password screen.
- Jorge Costa of the WordPress Core Team for identifying an XSS vulnerability in the footnotes block.
- s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.