Posted January 16, 2018 by Ian Dunn. Filed under Releases, Security.
WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.
An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.
MediaElement has released a new version that contains a fix for the bug, and a WordPress plugin containing the fixed files is available in the plugin repository.
Thank you to the reporters of this issue for practicing responsible security disclosure: Enguerran Gillier and Widiz.
21 other bugs were fixed in WordPress 4.9.2. Particularly of note were:
The previous taxonomy-agnostic behavior of get_category_link() and category_description() was restored.
Switching themes will now attempt to restore previous widget assignments, even when there are no sidebars to map.
The Codex has more information about all of the issues fixed in 4.9.2, if you’d like to learn more.
Download WordPress 4.9.2 or venture over to Dashboard → Updates and click “Update Now.” Sites that support automatic background updates are already beginning to update automatically.
Thank you to everyone who contributed to WordPress 4.9.2:
0x6f0, Aaron Jorbin, Andrea Fercia, Andrew Duthie, Andrew Ozz, Blobfolio, Boone Gorges, Caleb Burks, Carolina Nymark, chasewg, Chetan Prajapati, Dion Hulse, Hardik Amipara, ionvv, Jason Caldwell, Jeffrey Paul, Jeremy Felt, Joe McGill, johnschulz, Juhi Patel, Konstantin Obenland, Mark Jaquith, Nilambar Sharma, Peter Wilson, Rachel Baker, Rinku Y, Sergey Biryukov, and Weston Ruter.
The website has gone from being a tool to talk about and advertise a business, to actually being the business.
At the very onset of what we now refer to as the “dotcom boom,” nobody knew what was going on. Nobody knew the phrase dotcom boom yet, they only knew there was something big happening. Nobody could quite put their finger on what it was, but they wanted in. Many of those who got in early became fabulously wealthy very quickly.
Today we find ourselves in a similar situation.
We are at the beginning of a tremendous wave of transformative cloud-driven innovation that will surpass the innovation and wealth generated during the earlier dotcom boom. This sweeping trend will be driven by simplified business models, as-a-service offerings that reduce the barriers to entry and a new demand for heightened levels of service. It is forever changing how we do business, how we interact with one another, and it will change the very nature of how we define a company. More importantly, cloud has already begun to change the nature of startups and entrepreneurship, giving more people a seat at the table.
The framework of this new boom time is already in place, and we all know it as the “cloud.” Its evolution has morphed the cloud from being a mere set of technologies, to being much more than the sum of its parts — and the catalyst for everything from transforming old-style manufacturing, to creation of born-in-the-cloud alternatives. It is at the heart of the current redefinition of what we think of as a “job.” It is the trigger for a new wave of entrepreneurship.
The webmaster’s role in the dotCloud.
The difference between a dotcom business and dotCloud business is who is seen as the hero. Dotcoms in the 1990s revolved around teams of coders and back-room IT functionaries who built massive e-commerce engines and transactional portals from scratch. Because they were inventing things that nobody had conceived of before and were at the same time inventing the tools used to make them, development costs were high. Dotcoms with what we would consider today to be a simple proposition burned through tens of millions of dollars in venture money before they could make a single dime.
Today, those commercial and technological engines dotcommers put so much effort into developing are available in the cloud for 10 bucks a month — and the king of the hill in today’s new business is the webmaster. The webmaster must present not only an informational portal to potential customers, but an entire virtual business contained in a computer screen, including a transactional face connected to infrastructure-as-a-service back ends, as-a-service apps, and often using development platforms-as-a-service to create new websites that go far beyond yesterday’s web imperative of simply providing information and pretty pictures.
“The role of the website has dramatically changed over the past 10 years, and so too has the role of the webmaster,” said Mark Verkhovski, president of the American Webmasters Association. “Webmasters are no longer just designers and creators of attractive electronic billboards; they are business architects. They are creating what amounts to entire virtual businesses that exist only in the cloud. Increasingly, the website isn’t just something that sends customers to a revenue generator, the website itself is the revenue generator.”
The ever-changing website is at the heart of the dotCloud revolution, having quickly moved from a platform that is static and informational, to one that is highly interactive, which forms the very foundation of most new startups. The website has gone from being a tool to talk about and advertise a business, to actually being the business.
The new dotCloud economy.
The cloud isn’t new, at least in terms of internet speed, where last year’s technology is already obsolete. What is new is the emergence of a new economy that is firmly built on and enabled by cloud technologies. During the early dotcom era, a lot of new technologies came into being, many of which are still with us. But it didn’t truly become a “movement” until the dotcoms started to change the economy and transform from being a tool for business to being the business. The dotcom movement reached its potential when its innovation moved into the non-tech sector, influencing things like manufacturing and retail.
Today, we’re starting to see that happen again, with the emergence of large, completely born-in-the-cloud enterprises, new businesses built on the Internet of Things and entrenched legacy companies with new global and virtualized supply chains — the existence of which have repercussions far outside of their intended reach. Uber, for example, is a born-in-the-cloud company with a relatively simple app. But the company’s impact has been far-reaching, creating a virtual army of part-time entrepreneurs getting in on the new “gig economy,” and even ushering in serious competition to old-school industries like taxicab companies.
“At the heart of this new economy, the webmaster is the new master of ceremonies,” said Verkhovski. “His or her role is one of not just building, but more importantly, one of orchestration and integration. With the website becoming the center of the cloud based enterprise, a startup’s success will be increasingly dependent on the ability to create an online presence that not only presents an attractive public face, but also is capable of orchestrating multiple back ends, vast amounts of data, and several apps, connecting potentially thousands of people, all while offering up assurances of world-class security, speed and reliability of service, and the privacy protections that are demanded by the public.”
The new normal for startups in the dotCloud.
With the website — rather than brick and mortar — sitting firmly at the heart of many new startup businesses, the nature of what it means to launch a business has shifted. “Even during the height of the dotcom boom, startups still needed vast amounts of physical infrastructure, often running their own data centers. And even small startups still ran their own servers on premise,” said Cary Landis, president of SaaSMaker, a development platform as a service that is firmly rooted in the dotCloud phenomenon. “Those same dotcom startups also spent tremendous resources in development from the ground up. As a result, even smaller startups in the nineties needed a large amount of money, and the high cost of entry was a major contributing factor in the demise of so many of those dotcoms.”
“The new normal is driven by the sheer power of the website as a building block of business,” said Verkhovski. “Today’s startup can exist with one person and a laptop doing what it may have taken 20 people to do just a couple decades ago, and with a lot less capital. At the heart of it all is a shift in focus that has taken the website from informational and supplemental to a business, to transactional and being the business.”