Jan-Niklas Sohn discovered that a heap-based buffer overflow in the _XkbSetCompatMap function in the X Keyboard Extension of the X.org X server may result in privilege escalation if the X server is running privileged.
The second release candidate (RC2) for WordPress 6.7 is ready for download and testing!
This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it’s recommended that you evaluate RC2 on a test server and site.
Reaching this phase of the release cycle is an important milestone. While release candidates are considered ready for release, testing remains crucial to ensure that everything in WordPress 6.7 is the best it can be.
You can test WordPress 6.7 RC2 in four ways:
| Plugin | Install and activate the WordPress Beta Tester plugin on a WordPress install. (Select the “Bleeding edge” channel and “Beta/RC Only” stream). |
|---|---|
| Direct Download | Download the RC2 version (zip) and install it on a WordPress website. |
| Command Line | Use the following WP-CLI command:wp core update --version=6.7-RC2 |
| WordPress Playground | Use the 6.7 RC2 WordPress Playground instance (available within 35 minutes after the release is ready) to test the software directly in your browser without the need for a separate site or setup. |
The current target for the WordPress 6.7 release is November 12, 2024. Get an overview of the 6.7 release cycle, and check the Make WordPress Core blog for 6.7-related posts in the coming weeks for further details.
Get a recap of WordPress 6.7’s highlighted features in the Beta 1 announcement. For more technical information related to issues addressed since RC1, you can browse the following links:
WordPress is open source software made possible by a passionate community of people collaborating on and contributing to its development. The resources below outline various ways you can help the world’s most popular open source web platform, regardless of your technical expertise.
Testing for issues is critical to ensuring WordPress is performant and stable. It’s also a meaningful way for anyone to contribute. This detailed guide will walk you through testing features in WordPress 6.7. For those new to testing, follow this general testing guide for more details on getting set up.
If you encounter an issue, please report it to the Alpha/Beta area of the support forums or directly to WordPress Trac if you are comfortable writing a reproducible bug report. You can also check your issue against a list of known bugs.
Curious about testing releases in general? Follow along with the testing initiatives in Make Core and join the #core-test channel on Making WordPress Slack.
From now until the final release of WordPress 6.7 (scheduled for November 12, 2024), the monetary reward for reporting new, unreleased security vulnerabilities is doubled. Please follow responsible disclosure practices as detailed in the project’s security practices and policies outlined on the HackerOne page and in the security white paper.
For plugin and theme authors, your products play an integral role in extending the functionality and value of WordPress for all users.
Thanks for continuing to test your themes and plugins with the WordPress 6.7 beta releases. With RC2, you’ll want to conclude your testing and update the “Tested up to” version in your plugin’s readme file to 6.7.
If you find compatibility issues, please post detailed information to the support forum.
Do you speak a language other than English? ¿Español? Français? Русский? 日本? हिन्दी? বাংলা? You can help translate WordPress into more than 100 languages.
Six point seven’s dawn,
RC2 sweeps bugs away,
Sites stand firm and strong.
Thank you to the following contributors for collaborating on this post: @jorbin.
Multiple security issues were found in Twisted, an event-based framework for internet applications, which could result in incorrect ordering of HTTP requests or cross-site scripting.
Multiple security issues were found in libheif, a library to parse HEIF and AVIF files, which could result in denial of service or potentially the execution of arbitrary code.
fix CVE-2024-7006 (rhbz#2302997) fix CVE-2023-52356 (rhbz#2260112) fix CVE-2023-6228 (rhbz#2251863)
58 queries. 8.25 mb Memory usage. 0.745 seconds.