Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact of these issues. Tenable.sc 5.19.0 updates the following components:
1. Handlebars
CVE-2019-19919
Severity: Critical
2. Underscore
CVE-2021-23358
Severity: High
WordPress 5.7.2 is now available.
This security release features one security fix. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.
WordPress 5.7.2 is a short-cycle security release. The next major release will be version 5.8.
You can update to WordPress 5.7.2 by downloading from WordPress.org, or visit your Dashboard → Updates and click Update Now.
If you have sites that support automatic background updates, they’ve already started the update process.
One security issue affecting WordPress versions between 3.7 and 5.7. If you haven’t yet updated to 5.7, all WordPress versions since 3.7 have also been updated to fix the following security issue:
Object injection in PHPMailer, CVE-2020-36326 and CVE-2018-19296.
Thank you to the members of the WordPress security team for implementing these fixes in WordPress.
For more information refer to the version 5.7.2 HelpHub documentation page.
The 5.7.2 release was led by @peterwilsoncc and @audrasjb.
Thank you to everyone who helped make WordPress 5.7.2 happen: @audrasjb, @ayeshrajans, @desrosj, @dd32, @peterwilsoncc, @SergeyBiryukov, and @xknown.