From ${URL} : The WordPress 4.1.2 release fixed a number of security issues: WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. Other security issues include: * In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded. * In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack. * Some plugins were vulnerable to an SQL injection vulnerability. Upstream announcement: https://wordpress.org/news/2015/04/wordpress-4-1-2/ List of individual changes: https://core.trac.wordpress.org/log/branches/4.1?rev=32234&stop_rev=32144 @maintainer(s): since the fixed version is already in the tree, please remove the affected versions.
Please include yesterday's 4.2 release version bump in this work as well.
(In reply to Leho Kraav (:macmaN @lkraav) from comment #1) > Please include yesterday's 4.2 release version bump in this work as well. For Being able to maintain a clear history please file another bug for it if it has not been already filed.
Maintainer(s), please drop the vulnerable version(s). There are quite a few versions that need to be dropped for security reasons. If for some reason they can not be dropped please advise.
Maintainer(s), Thank you for you for cleanup. No stable versions, closing as noglsa.