WordPress 4.4.2 Security Release
On the 2nd of February, WordPress should have auto-updated with SECURITY AND MAINTENANCE update. This was the WordPress 4.4.2 release.
We are recommending to customers that they apply this update as quickly as possible – if your site is setup to ‘auto-update’, then your update should have happened already automatically.
In the event that your site has not updates, please contact us. If your update has applied and FAILED – you can also contact us for help restoring your website.
WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.
Thank you to both reporters for practicing responsible disclosure.
In addition to the security issues above, WordPress 4.4.2 fixes 17 bugs from 4.4 and 4.4.1. For more information, see the release notes or consult the list of changes.
Download WordPress 4.4.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.2.
Thanks to everyone who contributed to 4.4.2:
Andrea Fercia, berengerzyla, Boone Gorges, Chandra Patel, Chris Christoff, Dion Hulse, Dominik Schilling, firebird75, Ivan Kristianto, Jennifer M. Dodd, salvoaranzulla
If this update did not auto-update (depending on your settings + release that you’re currently running), every customer is recommended to apply this update manually as quickly as possible. Help is available to those who need it.