WordPress 6.4.2 was released today which is a maintenance release that also patches one security-related bug. If you haven’t upgraded to 6.4 yet, then we recommend upgrading directly to this version. This release fixes the following seven issues with the WordPress Core:
- Change CSS align-item from start / end to flex-start / flex-end for full browser support
- Irrelevant comment for translators
- Since WordPress 6.4, the functions.php of a theme moved to a different location using register_theme_directory is no longer called
- Incorrect reference in docblock for _register_theme_block_patterns
- Expose serialized template content to callbacks registered to the `hooked_block_types` filter.
- Incorrect example for WP_HTML_Tag_Processor class
- Site editor: logo
The WordPress team also shared the below note about a security fix:
A Remote Code Execution vulnerability that is not directly exploitable in core, however the security team feels that there is a potential for high severity when combined with some plugins, especially in multisite installs.
We’ve already upgraded over 30 websites today with no major issues to report. As this is a maintenance release with a security fix, we recommend upgrading if possible. These minor releases are typically lower risk – certainly a lower risk than major releases such as WordPress 6.4. However, if your site requires high uptime, has custom code, and/or is complex in nature, we recommend performing the upgrade on a staging site. We also recommend testing your website after the upgrade – especially if you use any Gutenberg blocks, the Gutenberg editor for you pages/posts/widgets, or full site editing features.
If you need any assistance or have any questions, please don’t hesitate to contact us.