3470c40
This commit was signed with the committer’s verified signature.
peterwilsoncc
Peter Wilson
Security
- Add capability check when replacing media to prevent privilege escalation by authenticated users (props @peterwilsoncc, @dkotter via GHSA-pwm5-mwxv-fjrh, CVE-2025-10749)
- Bump
minimatchfrom 4.0.7 to 4.0.8 (props @dependabot via #253).
Changed
- Bump WordPress "tested up to" version 6.7 (props @mehidi258, @jeffpaul, @dkotter, @hugosolar via #259).
- Bump WordPress "tested up to" version 6.7 (props @QAharshalkadu, @jeffpaul, @dkotter via #264).
Developer
- Update all third-party actions our workflows rely on to use versions based on specific commit hashes (props @jeffpaul, @dkotter via #262).
- Updated GitHub Action workflow permissions (props @jeffpaul, @dkotter via #265).
- Clarified all license references to explicitly reference BSD-2-Clause (props @jeffpaul, @peterwilsoncc via #269).
New Contributors
- @mehidi258 made their first contribution in #259
- @QAharshalkadu made their first contribution in #264
- @peterwilsoncc made their first contribution in #271
Full Changelog: 4.5.1...4.5.2
View closed items in the milestone.
Contributors
peterwilsoncc, mehidi258, and QAharshalkadu