WordPress 4.6.1 was just released. This is an important security release that includes fixes for critical vulnerabilities and improvements for WordPress 4.6 and lower and is recommended for all WordPress users.
As always, Managed WordPress websites will be updated by 1&1 automatically. If you have installed WordPress yourself or use a standard installation from the 1&1 App Center, you can update to 4.6.1 from your WordPress Dashboard. Select Updates and click Update Now.
If you prefer to update manually, you can download WordPress 4.6.1 here.
What’s new in WordPress 4.6.1?
This release contains important security updates and bug fixes, among other smaller improvements (wordpress.org, Jeremy Felt):
Bootstrap/Load: #37680 – PHP Warning: ini_get_all() has been disabled for security reasons
Comments: #37696 – WP_Comment_Query loses sql_clauses with object cache
Editor: #37690 – Backspace causes jumping
Email: #37736 – Emails fail on certain server setups
External Libraries: #37700 – Warning: curl_exec() has been disabled for security reasons (Requests library). #37720 – The minified version of the Masonry shim was not updated in #37666 (Masonry library)
Post Thumbnails: #37697 – Strange behavior with thumbnails on preview in 4.6
Script Loader: #37800 – Close “link rel” dns-prefetch tag
Taxonomy: #37721 – Improve error handling of is_object_in_term in taxonomy.php
Themes: #37755 – Visual Editor: Weird unicode (Vietnamese) characters display on WordPress 4.6
TinyMCE: #37760 – Problem with RTL
Upgrade/Install: #37731 – Infinite loop in _wp_json_sanity_check() during plugin install
For a complete list of all bug fixes and improvements please see the official WordPress 4.6.1 release notes.