Announced by WordPress on April 15th:

WordPress 5.7.1 is now available!

This security and maintenance release features 26 bug fixes in addition to two security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 4.7 have also been updated.

Advertisement

WordPress 5.7.1 is a short-cycle security and maintenance release. The next major release will be version 5.8.

You can download WordPress 5.7.1 by downloading from WordPress.org, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Security Updates

Two security issues affect WordPress versions between 4.7 and 5.7. If you haven’t yet updated to 5.7, all WordPress versions since 4.7 have also been updated to fix the following security issues:

  • Thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8.
  • Thanks Mikael Korpela for reporting a data exposure vulnerability within the REST API.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

For more information, browse the full list of changes on Trac, or check out the version 5.7.1 HelpHub documentation page.


See the full statement here:  https://wordpress.org/news/2021/04/wordpress-5-7-1-security-and-maintenance-release/

Scott E